Jeff Bailey <[EMAIL PROTECTED]> writes:
> On Mon, Mar 13, 2000 at 11:17:40PM +0100, Niels Mvller wrote:
> > I've just compiled lsh-0.9 on bos1.gnu.org. Basically
> >
> > $ ./configure && make
> > # make install
> > # lsh_keygen | lsh_writekey /etc/lsh_host_key
>
> Will we also be putting OpenSSH on there? That's what we've got on
> subversions, and it would be nice have a standard. When I looked this
> weekend, the lsh pages also said that the current versions should not be
> expected to provide any security.
I think it is a good idea to have both. OpenSSH implements version 1
of the ssh protocol, which is what most people are using. LSH
implements version 2 of the protocol, which is quite incompatible.
As for LSH's status, the current README includes the following disclaimer:
LSH IS A WORK IN PROGRESS. IT WILL NOT PROVIDE ANY SECURITY ON SYSTEMS
THAT LACK /dev/random. THERE MAY BE OTHER SERIOUS BUGS THAT MAKE IT
TOTALLY INSECURE.
The web pages still carries the previous version of the disclaimer.
It's not at *all* as well tested as ssh1, but I think it is good
enough to start trying it out seriously.
/lsh author
