Cryptography Reference
does take a lot of time, whereas you are mainly interested in an interception-
proof login, then you can always enter 'ssh -c none hostname': in this case, the
current data traffic is not encrypted. However, at least the Blowfish cipher (use
the blowfish option) is fast enough to pull an interception-safe backup over the
network.
SSH Everywhere: Proliferation and Licenses
SSH1 was once in use in about 10 000 organizations across roughly 50
countries, according to Ylonen's own statements. What I particularly like about SSH
is its simple interfaces to the cryptographic modules, and the well-designed
security concept.
The private use of SSH1 used to be free. For commercial use, there was a
bunch of license terms and conditions for third-party contributions, which are
stated in the COPYING file, among others.
Unpleasant Development
The protocol was changed with Release 2.0: it's now called IETF SSH Secure
Shell protocol. The new SSH2 was available only for commercial use and
didn't support the SSH1 protocol any more. That was extremely disappointing.
All those people who wanted to communicate with servers that ran SSH2 were
supposed to buy the software, even for private use. Compared to SSH1, that
was a step backwards, no doubt: imagine you quite often have to log on to your
work computer from home via an Internet provider. No problem over SSH1.
As mentioned earlier, there wouldn't be any other way anyway, because the
company computer can't possibly know your IP address, since it is normally
assigned by the provider. Now, your company would have to migrate to SSH2,
and you've got a problem.
Ylonen himself (who participated in the commercial development) recommends
in several mailing lists using only the new protocol, since the old one was insecure.
One reason might be the Bleichenbacher attack discussed as Risk 5 in connection
with RSA in Section 4.5.3, where I mentioned simple countermeasures.
SSH1 would make this attack harder in any event, because changing the keys
on an hourly basis would mean that an attacker would have one hour at most.
With one million requests, this would result in a rate of about 300 requests per
second, which generally requires additional expensive hardware on the server
side. In addition, the attacker himself would have to do a lot of computations
and need special hardware. You can read in PD/SSH/ssh1 insecure.txt on the