Date: Tue, 22 Oct 2002 23:19:23 -0700 From: "Lucky Green" <shamrock@cypherpunks.to> To: <freebsd-current@freebsd.org> Subject: Request: remove ssh1 fallback Message-ID: <007501c27a5c$27203fc0$6501a8c0@VAIO650>
next in thread | raw e-mail | index | archive | help
If I understand correctly, the next opportunity after 5.0R to make a change of such significance is FreeBSD 6.0. Since I suspect that few folks will want to have ssh1 enabled by the time 6.0 is released, I would like to request for the team to please consider disabling ssh1 fallback prior to 5.0R. Ssh1 is fundamentally broken. It uses a CRC where a MAC is required. While the attack detection logic in the code looks good, I don't know of many cryptographers that would be willing to bet that no further attacks exploiting ssh1's design flaws will be found. Ssh1 is a potential security hole with very little utility remaining given that ssh2-capable versions of ssh are readily available for a host of platforms and in fact have been so for some time. I therefore believe that the 5.0 release represents a perfect opportunity to remove ssh1 fallback from the default distribution of FreeBSD and hope the FreeBSD team will consider this change. Thanks, --Lucky Green To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007501c27a5c$27203fc0$6501a8c0>