-c none option
Jason Stone
jason at shalott.net
Sat Dec 8 10:40:27 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> The SSH2 protocol separated authentication and message integrity
> from encryption. As such, OpenSSH *should* be supporting None as an
> encryption type while enforcing authenticated packets w/ hmac-md5 or
> something similar. It isn't.
Also, many governments regulate the use of "cryptographic" algorithms, but
not "authentication" algorithms. In particular, for many years you could
not export 56-bit DES implementations from the US, but you could export
any MD5 or SHA1 implementation.
Supporting cipher=none with MAC'd packets might make it legal to use ssh
in some countries where it couldn't otherwise be used, and while it would
not prevent sniffing attacks, it _would_ prevent session hijacking, which
is better than nothing.
-Jason
-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry
that 10 or 15 years from now, she will come to me and say "Daddy, where
were you when they took freedom of the press away from the Internet?"
-- Mike Godwin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE8EVNuswXMWWtptckRAtsEAKDg7TeB/T3LsIIuS2i0CVA25707CwCdH/fb
CzQBAdZ83XqOTEkDKrqv9HU=
=Qexd
-----END PGP SIGNATURE-----
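Added example, not part of the original message and not OpenSSH code: a sketch of the SSH2 binary packet layout (RFC 4253) with cipher "none" and hmac-md5, the MAC named in the quoted text. It shows that the payload stays readable to a sniffer while modified, replayed, or forged packets are rejected. The function names and the constructed key are assumptions; in a real session the MAC key comes from the key exchange.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8      # RFC 4253: with no cipher, packet size is a multiple of 8
MAC_LEN = 16   # hmac-md5 digest length


def sniff(wire: bytes) -> bytes:
    """What a passive observer without any key reads off the wire."""
    length, pad = struct.unpack(">IB", wire[:5])
    return wire[5:5 + length - 1 - pad]


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build one cleartext binary packet and append its MAC."""
    pad = BLOCK - ((5 + len(payload)) % BLOCK)
    if pad < 4:                       # the protocol requires >= 4 padding bytes
        pad += BLOCK
    packet = (struct.pack(">IB", 1 + len(payload) + pad, pad)
              + payload + os.urandom(pad))
    # mac = MAC(key, sequence_number || unencrypted_packet)
    tag = hmac.new(key, struct.pack(">I", seq) + packet, hashlib.md5).digest()
    return packet + tag


def open_packet(key: bytes, seq: int, wire: bytes) -> bytes:
    """Check the MAC against the expected sequence number, then parse."""
    packet, tag = wire[:-MAC_LEN], wire[-MAC_LEN:]
    want = hmac.new(key, struct.pack(">I", seq) + packet, hashlib.md5).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("MAC check failed")
    return sniff(packet)


def accepted(key: bytes, seq: int, wire: bytes) -> bool:
    try:
        open_packet(key, seq, wire)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = os.urandom(16)              # constructed stand-in for the negotiated MAC key
    wire = seal(key, 0, b"hello")     # constructed sample payload
    print("observer reads:", sniff(wire))
    print("genuine packet accepted:", accepted(key, 0, wire))
    print("modified packet accepted:", accepted(key, 0, wire[:5] + b"J" + wire[6:]))
    print("replayed packet accepted:", accepted(key, 1, wire))
```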