David Latil wrote:
I have a somewhat bizarre project on my plate. I have been tasked to
come up with a secure proxy of sorts that uses SSH over SSL (I mean
to actually encrypt SSH with SSL, not just tunnel through a proxy).
In the end, we would be using port forwarding over SSH for HTTP
traffic.
Being SSH is an application level protocol, I don't see why I could
not replace the standard TCP connection that it uses with SSL. Why,
you ask? The theory is if encryption via SSL is secure then if you
doubly encrypt using SSH then you are doubly secure, supposedly there
is some form of data compression built into SSH that may be
beneficial, you could go through the firewall friendly port 443, and
you could use other higher level protocols through the SSH port
forwarding feature.
I'm not very experienced programming with SSL, but I'm heavily
researching the concepts at this stage, I'm a bit skeptical to say
the least of the cost/benefits of this.
I sure would appreciate if someone could tell me if this is a bad
idea and why, the more I know now at this time the better.
David

SSH via stunnel?
IIRC, double encryption is only as secure as the strongest algorithm
used. That is, you don't get twice the security simply by encrypting
twice. Also, using multiple or repeated use of encryption algorithms on
the same data set can potentially _reduce_ the security of the encrypted
data - especially if the same private key is used for both encryptions
or both keys are generated on the same hardware.
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
Ask me about discounts on any Shining Light Productions product!
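
The stunnel approach suggested in the reply, sketched as an added example that is not part of the original thread: one stunnel service on the server that wraps sshd in TLS on port 443, and one on the client that exposes it as a local port. Host names, file paths and the local port 2222 are assumptions; the client section turns on certificate verification, which stunnel does not perform by default.

```ini
; ---- server: /etc/stunnel/stunnel.conf (constructed example) ----
; Terminates TLS on 443 and hands the cleartext stream to the local sshd.
; sshd can then be bound to loopback only (ListenAddress 127.0.0.1 in
; sshd_config) so that it is reachable solely through the TLS wrapper.
[ssh-over-tls]
accept  = 443
connect = 127.0.0.1:22
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key

; ---- client: separate stunnel.conf on the connecting machine ----
; Listens on loopback and opens a TLS session to the server for each
; incoming connection.
[ssh-over-tls]
client      = yes
accept      = 127.0.0.1:2222
connect     = server.example.com:443
; Without the next three lines the client accepts any certificate, so the
; outer TLS layer would add encryption but no server authentication.
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
checkHost   = server.example.com

; ---- usage from the client (ssh runs inside the TLS session) ----
; HostKeyAlias keeps the known_hosts entry tied to the real server name
; even though ssh connects to 127.0.0.1; -L forwards local port 8080 to an
; HTTP service reachable from the server (intranet.example.com is assumed).
;
;   ssh -p 2222 -o HostKeyAlias=server.example.com \
;       -L 8080:intranet.example.com:80 user@127.0.0.1
```

SSH host key checking and user authentication still happen end to end inside the tunnel, so the TLS layer adds transport wrapping and a second server identity check rather than replacing either.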