IDEA support
Damien Miller
djm at mindrot.org
Wed Aug 9 14:52:13 EST 2000
On Thu, 3 Aug 2000, Marko Asplund wrote:
> hi
>
> first of all i'd like to thank you for your efforts in developing OpenSSH.
Thanks!
> one thing i'd like to see in OpenSSH is (optional) IDEA algorith support.
> this would be useful especially in an environment which has a mix of old
> ssh v1.2.x and OpenSSH installations. according to Ascom the non
> commercial use of IDEA is free (http://www.ascom.com/infosec/idea.html).
> also, there are countries (e.g. Finland) where IDEA is not patented.
> here's a patch suggestion for IDEA support (autoheader and autoconf have
> to be run after patching the source).
We won't integrate IDEA for a couple of reasons:
1) It is patented in some countries and will be for the forseeable
future. We want OpenSSH to be free everywhere. (we tolerate the RSA
code because the patent will expire in 42 days)
2) It doesn't need to be there - it is not required to communicate with
commercial SSH servers. Old keys ciphered with IDEA can be migrated as
per the FAQ.
3) It offers no advantages as a cipher - blowfish is fast & free, 3DES is
secure & free. IDEA is vulnerable to the insertion attack and (IIRC) has
a few potential attacks published.
-d
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
More information about the openssh-unix-dev
mailing list