Tim Peeler <[EMAIL PROTECTED]> writes: > As we have yet to see any indication that this is related to the crc32 > compensation detector yet, I'm finding it more and more difficult > to believe that this was truely the problem.
Yes, indeed. This particular problem has been fixed, but there are others, which are more like protocol weaknesses and more difficult to address (the CRC32 attack detector was added to compensate for such a vulnerability). Anyway, I just wanted to make sure that you investigate other weaknesses than the SSH1 implementation. It's my gut feeling based on the facts you have mentioned that another explanation is far more likely. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
