"cipher none" alternatives ?

Rachit Siamwalla rachit at ensim.com
Sat Mar 17 14:52:03 EST 2001

> The scheme you're talking about isn't vulnerable to password sniffing, but
> it _is_ vulnerable to hijacking.  The crypto in this case is serving to
> authenticate each individual packet as well as hide the data, so when you
> get rid of the crypto, an attacker can take over either end of the
> connection, inject packets (containing commands), etc, even though he
> doesn't know the password.

I'm no crypto guro, but correct me if i'm wrong, can't you just use
secure hashes to protect the data? secure hashes should be a lot faster
than crypting the datastream.


More information about the openssh-unix-dev mailing list