On 09/02/2015 11:53 AM, Alex Wilson wrote:
> Chris Ridd <[email protected]> wrote:
> 
>> On 31 Aug 2015, at 18:44, Alex Wilson <[email protected]> wrote:
>>> * They have already given people an alternative path forwards (ECDSA)
>>
>> The problem with this is practical - some vendors (Apple is one, possibly
>> there are others) disable ecdsa in their bundled ssh tools. I did read
>> this was potentially due to patent concerns, but that may be untrue.

Not being an attorney, it seems including it but un-configured would not
avoid the legal ramification. There are so many non security reasons why
various such implementations are done.

Because of the difficulty in testing and verifying everything I simply
drop it when there is a reasonable expectation that any of the thousands
of hackers on the payroll of organized crime, never mind all who just do
it for entertainment, have a passage through. Being that I'm not
clueless about how it's done I take very little heed to those who claim
to not have been hacked, as they rarely would have a clue to even
notice they are owned.

The overwhelming majority of businesses operate on financial
consideration with a limited security process. Or consideration for that
matter. It's not real until someone is hurt for real, kind of head in
the sand attitude.

Of course when you deal with some built-in enforced security model of
which one can only tell the users that you have my sympathies, then you
have to organize your life in some way that works for You.

> I find this intensely curious, as Apple are heavy users of ECDSA throughout
> the iOS ecosystem, in particular in iMessage and the application signing
> infrastructure. Also they leave the algorithm enabled in all of their
> OpenSSL builds and even provide API wrappers for it.

And I believe the average break-in to iOS is done in about 6 seconds.

> preferring 4096-bit) and both parties are using a modern SSH version with
> strong hashes rather than MD5 or SHA1.

Yep both of which have fallen out of grace. It's a shame that we even
need to worry about these kinds of things.

-- 
Steve


-------------------------------------------
smartos-discuss