sftp/scp performance testing
Dan Kaminsky
dan at doxpara.com
Thu Jan 10 19:49:41 EST 2002
> > What should make a difference is whether the SSH1 or SSH2 protocols are
> > used -- SSH1 implicitly authenticates packets,
>
> that's not true. SSH1 does not really authenticate packets,
> it just uses CRC, while SSH2 uses a true MAC (e.g. hmac-md5
> or hmac-sha1).
Markus--
Thus the difference between implicit and explicit authentication of
packets. Implicit authentication basically says, look, the only other host
that *could* generate a correctly decryptable packet is the one I exchanged
encryption keys with, so I can implicitly assume any packet that decrypts
into "something meaningful" comes from the host I authenticated earlier.
Replay attacks don't defeat implicit authentication. Different sessions
with the same host have different session keys, while the chaining of one
packet to the next prevents intra-session replay. Of course, the problem is
that anything can be decrypted with any key, it just won't necessarily mean
anything. So CRCs were used in SSH1 as an attempt to ward off random
corruption more than anything else.
--Dan
More information about the openssh-unix-dev
mailing list