"cipher none" alternatives ?
Rachit Siamwalla
rachit at ensim.com
Sat Mar 17 14:52:03 EST 2001
> The scheme you're talking about isn't vulnerable to password sniffing, but
> it _is_ vulnerable to hijacking. The crypto in this case is serving to
> authenticate each individual packet as well as hide the data, so when you
> get rid of the crypto, an attacker can take over either end of the
> connection, inject packets (containing commands), etc, even though he
> doesn't know the password.
I'm no crypto guru, but correct me if I'm wrong, can't you just use
secure hashes to protect the data? Secure hashes should be a lot faster
than encrypting the datastream.
-rchit
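
The idea raised in this message, protecting a cleartext stream with hashes instead of encryption, as an added Python example that is not part of the original post or of OpenSSH. It assumes both ends already share a secret session key from key exchange (all class and function names are hypothetical), and it contrasts a keyed MAC over sequence number and payload with a plain unkeyed hash.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each packet

class PacketAuthenticator:
    """One direction of a cleartext channel with a keyed per-packet MAC."""

    def __init__(self, session_key: bytes):
        self.key = session_key  # assumed: secret shared via key exchange
        self.seq = 0            # implicit counter, never sent on the wire

    def _mac(self, payload: bytes) -> bytes:
        # Covering the sequence number makes replayed or reordered packets fail.
        msg = struct.pack(">I", self.seq & 0xFFFFFFFF) + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        packet = payload + self._mac(payload)
        self.seq += 1
        return packet

    def open(self, packet: bytes) -> bytes:
        if len(packet) < MAC_LEN:
            raise ValueError("short packet")
        payload, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._mac(payload)):
            raise ValueError("bad MAC")  # receiver should drop the connection
        self.seq += 1
        return payload

def unkeyed_check(packet: bytes) -> bool:
    # Plain hash, no secret: anyone on the path can recompute a matching digest.
    payload, digest = packet[:-MAC_LEN], packet[-MAC_LEN:]
    return hmac.compare_digest(digest, hashlib.sha256(payload).digest())

def demo() -> dict:
    key = b"constructed-sample-session-key!!"  # constructed value, not a real key
    tx, rx = PacketAuthenticator(key), PacketAuthenticator(key)
    first, second = tx.seal(b"uptime\n"), tx.seal(b"date\n")
    out = {"first": rx.open(first)}
    altered = b"DATE\n" + second[5:]  # payload changed in transit, tag unchanged
    for name, pkt in (("altered", altered), ("replayed", first), ("second", second)):
        try:
            out[name] = rx.open(pkt)
        except ValueError:
            out[name] = "rejected"
    # The same alteration with a recomputed unkeyed hash passes the plain-hash check.
    out["unkeyed_altered"] = unkeyed_check(b"DATE\n" + hashlib.sha256(b"DATE\n").digest())
    return out
```

The MAC gives integrity and origin authentication only; the payload itself remains readable on the wire.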