CryptoCard patch

erich hh at sidereal.kz
Thu Sep 14 16:09:53 EST 2000


> I am not particularly keen on putting code into OpenSSH to support
> proprietary authentication technologies.

CryptoCard is absolutely not in any way a proprietary authentication
technology.  It is a plain and simple DES ECB encryption of the input,
using a key which is stored in the device.  The first 4 bytes of the
output are then displayed in hex.  In fact, I have also hired someone
to write a CryptoCard emulator for the Palm Pilot, and the resulting
code will also be under GPL.  Contrast this with RSA, which is in fact
a proprietary authentication technology, and which OpenSSH supports by
default.

Including a hundred or so lines of code to support a more secure,
non-proprietary authentication method makes sense.  I had this code
written under the OpenSSH license exactly for this purpose.  If you
want people like me to continue to pay people to contribute to open
source projects, like OpenSSH, it would be a good idea to not
disregard the stuff that gets done this way.  I have some pretty
specific security needs for what I'm doing, and I want to do it in an
open source way, and contribute back as much as possible to the
quality project that is OpenBSD.

> In any case, changes to the protocol (which this is) should be sent
> via the OpenBSD maintainers. I doubt they would accept the patch in its
> current form - it uses functions only present in the portable version.

Who can I talk to about this?  Should I send it to the OpenBSD core
team?

Thanks,

e




