[12967] in bugtraq
Re: sshd1 allows unencrypted sessions regardless of server policy
daemon@ATHENA.MIT.EDU (der Mouse)
Wed Dec 15 12:40:29 1999
Message-Id: <199912150307.WAA02406@Twig.Rodents.Montreal.QC.CA>
Date: Tue, 14 Dec 1999 22:07:36 -0500
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
X-To: "Michael H. Warfield" <mhw@WITTSEND.COM>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

If we're going to be picking nits....

> AFAIK... The passphrase-less host keys are encrypted with 3-DES and
> no password. They were, at one time, encrypted with IDEA with no
> password.

...neither IDEA nor triple-DES *can* encrypt with no "password" (by
which I have to assume you mean what is normally, for a block cipher,
called a "key").

Perhaps you mean "some non-secret key"[%], which is not the same thing
as *no* key. (Of course, from a security point of view, if a
non-secret key is used, it makes no difference which one it is.)

[%] The one resulting from following the usual algorithms on a
zero-length passphrase, perhaps...?

> Like I said... Just a nit...

"What he said."

der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B