|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: sshd1 allows unencrypted sessions regardless of server policy
Subject: Re: sshd1 allows unencrypted sessions regardless of server policy
From: der Mouse (mouse
RODENTS.MONTREAL.QC.CA)
Date: Tue Dec 14 1999 - 21:07:36 CST
- Next message: .rain.forest.puppy.: "Re: NT WinLogon VM contains plaintext password visible in admin mode"
- Previous message: Elias Levy: "CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind"
- Maybe in reply to: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
- Next in thread: Markus Friedl: "Re: sshd1 allows unencrypted sessions regardless of server policy"
- Maybe reply: der Mouse: "Re: sshd1 allows unencrypted sessions regardless of server policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
If we're going to be picking nits....
> AFAIK... The passpharse-less host keys are encrypted with 3-DES and
> no password. They were, at one time, encrypted with IDEA with no
> password.
...neither IDEA nor triple-DES *can* encrypt with no "password" (by
which I have to assume you mean what is normally, for a block cipher,
called a "key").
Perhaps you mean "some non-secret key"[%], which is not the same thing
as *no* key. (Of course, from a security point of view, if a
non-secret key is used, it makes no difference which one it is.)
[%] The one resulting from following the usual algorithms on a
zero-length passphrase, perhaps...?
> Like I said... Just a nit...
"What he said."
der Mouse
mouserodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
- Next message: .rain.forest.puppy.: "Re: NT WinLogon VM contains plaintext password visible in admin mode"
- Previous message: Elias Levy: "CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind"
- Maybe in reply to: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
- Next in thread: Markus Friedl: "Re: sshd1 allows unencrypted sessions regardless of server policy"
- Maybe reply: der Mouse: "Re: sshd1 allows unencrypted sessions regardless of server policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Wed Dec 15 1999 - 11:37:13 CST