On Tue, Jun 04, 2002 at 02:20:02PM +0200, Mikael Olsson wrote: > The complete (Open)SSH package is ~55000 lines of code, although > obviously not _all_ of it should be counted, and comes with
that number seems overstated; for openssh-3.2.3p1 i see: $ kdsi *.[ch] openbsd-compat/*.[ch] 43488 7044 10999 4442 total but there's openssl etc. openbsd native is another metric: $ kdsi *.[ch] 33752 5124 7771 3117 total > backwards-compatibility code for stuff that shouldn't be used > to administrate firewalls (e.g. SSH1, which doesn't authenticate > the data stream). you are referring to insertion attacks due to CRC usage for data integrity checking? do you consider v1 to be fundamentally broken? i do not, but obviously prefer v2 when available, and do push vendors to support v2. from: http://www.cisco.com/warp/public/707/ssh.shtml "If a review of any claimed protocol defects shows that SSHv1 protocol in Cisco IOS is fundamentally broken, then Cisco will determine if it is appropriate to migrate to SSHv2 at that time." -- Kevin Steves | [EMAIL PROTECTED] Atomic Gears LLC | http://www.atomicgears.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls