Date: Sun, 2 Jan 2000 15:12:08 +0100 From: Markus Friedl <markus.friedl@informatik.uni-erlangen.de> To: David Rankin <drankin@bohemians.lexington.ky.us> Cc: Brian Fundakowski Feldman <green@FreeBSD.org>, "Michael H. Warfield" <mhw@wittsend.com>, Dug Song <dugsong@monkey.org>, security@FreeBSD.org, openssh-unix-dev@mindrot.org Subject: Re: OpenSSH protocol 1.6 proposal Message-ID: <20000102151208.A21548@folly.informatik.uni-erlangen.de> In-Reply-To: <20000102061545.A1691@rumpole.bohemians.lexington.ky.us> References: <20000101235721.A15256@alcove.wittsend.com> <Pine.BSF.4.10.10001020047520.36184-100000@green.dyndns.org> <20000102061545.A1691@rumpole.bohemians.lexington.ky.us>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 02, 2000 at 06:15:48AM -0500, David Rankin wrote: > Speaking completely without facts, I am personally skeptical about > enhancing the 1.x protocol when all of the standards processes are > focused on getting 2.0 out the door. That said, I am willing to be > convinced on the matter. i have put the latest revisions of my SSH 1.6 patches to http://wwwcip.informatik.uni-erlangen.de/~msfriedl/openssh/ basically they consist of: (1) CRC is replaced with hmac-sha1 + sequence-numbers. the bytes needed for the hmac-key are taken from the shared session-key (2) authentication for parameters passed in the clear: the session-id is extended from session_id := MD5 (host_key_n |session_key_n|cookie); to session_id := MD5 (host_key_n |session_key_n| supported_ciphers|supported_authentications| client_flags|server_flags| client_version_string|server_version_string| cookie); and yes, having openssh speak SSH-2.0 would be nice. mail me if you are interested in helping implement 2.0. -markus To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000102151208.A21548>