On Tue, Nov 16, 1999 at 11:30:16AM +0100, Oystein Viggen wrote:
> Blue Boar wrote:
>
> > <SNIP>
> > Debian is immune for the (somewhat messy) reasons that they do not link
> > ssh to rsaref, last time that I checked.
> > <SNIP>
>
> Does the fact that the international version of ssh from replay.com uses
> "internal rsaref" instead of the "external rsaref" in the US version make
> it immune to this attack too?
>
> The version is at least not as far as I can see externally linked to any
> rsaref library:
As far as I can tell from the spec file, the -5i version is never
configured with --with-rsaref, and the guilty code in rsaglue.c is
never reached.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| [EMAIL PROTECTED] | | [EMAIL PROTECTED] |
\--------------------------------/ \--------------------------------/
