Warning message at password prompt

Damien Miller djm at mindrot.org
Fri Feb 15 00:15:44 EST 2002


On Thu, 14 Feb 2002, Edward Avis wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thu, 14 Feb 2002, Michael Stone wrote:
> 
> >>enable unencrypted connections.  I understand that the OpenSSH
> >>maintainers don't want to support this in the main release, but it is
> >>useful to me and to some others.
> >
> >People keep saying that, but you might as well benchmark it--I've
> >always seen that there's enough slowdown in other places that turning
> >off encryption doesn't really buy you much on a modern machine.
> 
> I will certainly benchmark and post a summary of results to this list.
> With SSH v1 protocol there seemed to be a noticeable speedup, but I need
> to get some concrete numbers.

Don't use cipher none with protocol 1; then the only thing protecting you
is an easily calculated CRC. Protocol 2 has a proper MAC at least.

> This seems like a good moment to ask another question: should I prefer
> RSA or DSA authentication with protocol 2?  I have heard mumblings that
> DSA is somehow less secure (or less banged-upon) than RSA, and that now
> the RSA patent has expired there's no reason to use DSA.  DSA seems a
> lot slower, so I would like to switch if possible.  I hope this question
> is not off-topic for the developers' list, it does need a real expert to
> answer it.

RSA is faster, I don't know of any attacks on DSA.

-d
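
The CRC-versus-MAC point above, as an added example that is not part of the original message or of OpenSSH code: with no cipher in use, a keyless CRC can be recomputed by anyone who can see the packet, while a keyed MAC cannot. Assumptions: zlib's CRC-32 and HMAC-SHA1 over a sequence number plus payload stand in for the real protocol 1 and protocol 2 packet checks, and all function names and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
import os
import zlib


def crc_tag(packet: bytes) -> int:
    """Keyless check: anyone who can see the packet can compute it."""
    return zlib.crc32(packet) & 0xFFFFFFFF


def mac_tag(key: bytes, seq: int, packet: bytes) -> bytes:
    """Keyed check: HMAC over a sequence number and the packet bytes."""
    return hmac.new(key, seq.to_bytes(4, "big") + packet, hashlib.sha1).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_delta(diff: bytes) -> int:
    """CRC-32 is affine: XORing `diff` into ANY message of the same length
    changes its CRC by this value, which depends only on `diff`."""
    return crc_tag(diff) ^ crc_tag(bytes(len(diff)))


def demo() -> dict:
    key = os.urandom(20)  # held only by the two endpoints
    sent = b"constructed sample payload: transfer 0100 units"
    altered = sent.replace(b"0100", b"9900")  # change made in transit

    # The CRC for the altered packet follows from the old CRC and the
    # difference alone; no secret is involved at any point.
    new_crc = crc_tag(sent) ^ crc_delta(xor(sent, altered))

    # Without the key, the only MAC available for reuse is the old one.
    old_mac = mac_tag(key, 0, sent)

    return {
        "crc_accepts_altered": crc_tag(altered) == new_crc,
        "mac_accepts_altered": hmac.compare_digest(mac_tag(key, 0, altered), old_mac),
        "mac_accepts_original": hmac.compare_digest(mac_tag(key, 0, sent), old_mac),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
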




More information about the openssh-unix-dev mailing list