Home page logo

bugtraq logo Bugtraq mailing list archives

Re: sshd1 allows unencrypted sessions regardless of server policy
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 14 Dec 1999 22:07:36 -0500

If we're going to be picking nits....

AFAIK...  The passpharse-less host keys are encrypted with 3-DES and
no password.  They were, at one time, encrypted with IDEA with no

...neither IDEA nor triple-DES *can* encrypt with no "password" (by
which I have to assume you mean what is normally, for a block cipher,
called a "key").

Perhaps you mean "some non-secret key"[%], which is not the same thing
as *no* key.  (Of course, from a security point of view, if a
non-secret key is used, it makes no difference which one it is.)

[%] The one resulting from following the usual algorithms on a
    zero-length passphrase, perhaps...?

Like I said...  Just a nit...

"What he said."

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]