"Robert O'Callahan" <[EMAIL PROTECTED]> writes: > However, there are some real issues with 1.x: > [...] I think you missed what is perhaps the biggest one. It uses 3DES in what Applied Crypto refers to as `inner feedback' mode. This is significantly weaker than `outer feedback' mode. (I may have Schneier's terminology switched there. The point being that SSH codes 3DES as effectively 3 independent passes through 1DES.)
- Re: configure-error... Gregor Mosheh
- Re: configure-error... C. Vandersip
- Re: ssh-1.2.27 remote buffer overflow - exploitable (... Niels Provos
- Re: ssh-1.2.27 remote buffer overflow - exploitable (... Niels Provos
- Re: ssh-1.2.27 remote buffer overflow - exploita... Jim Barlow
- Re: ssh-1.2.27 remote buffer overflow - exploita... Carl J. Nobile
- Re: ssh-1.2.27 remote buffer overflow - expl... Michael H. Warfield
- Re: ssh-1.2.27 remote buffer overflow - expl... Eric J. Schwertfeger
- Re: ssh-1.2.27 remote buffer overflow - exploitable (... Niels Provos
- OpenSSH and SSHv2 Robert O'Callahan
- Re: OpenSSH and SSHv2 Charles M. Hannum
- Re: OpenSSH and SSHv2 Bjoern Groenvall
- Re: ssh-1.2.27 remote buffer overflow - exploitable (... Niels Provos
