RedHat forks OpenSSH?

Theo de Raadt deraadt at cvs.openbsd.org
Tue Nov 9 09:46:47 EST 2004


> On Tue, Nov 09, 2004 at 07:23:44AM +1100, Damien Miller wrote:
> > the only change is deletion of files related to the experimental
> > ACSS cipher. It is unclear why Redhat has chosen to do this: the 
> > cipher is disabled by default and their own Cygwin product has
> > shipped these same files for many months, as have many other
> > Linux distributions.
>
> Of course, the readership might be more enlightened to know what ACSS 
> is.
>
> "This library implements the Alleged Content Scrambling System.  It is
> believed to be interoperable with CSS of the DVD Copy Control Association.
> ACSS is a stream cipher with a fixed key length of 40 bit (5 byte).

I quote from the openssl RC4 manual page:

       This library implements the Alleged RC4 cipher, which is
       described for example in Applied Cryptography.  It is
       believed to be compatible with RC4[TM], a proprietary
       cipher of RSA Security Inc.

> ACSS consists of a key setup phase and the actual encryption or decryption
> phase."
>
> Apart from the potential legal issues (even if are just some litigious
> bastards suing people for fun/profit instead of real ones) surrounding
> said algorithms,

Precisely what legal issues would that be?

What we have here in ACSS is a multi-purpose cipher that can be used
for many things, including but not limited to encrypting ssh sessions.
And it is fast.

> isn't it OpenBSD policy (dunno about openssh) to not ship
> known broken crypto algorithms at all?

It is our policy to provide a secure replacement for telnet and
rlogin, so that people stop using telnet and rlogin.  It is our
policy to release that software in a free fashion so that vendors
can supply their customers with a high quality implementation.

If you don't like what we write, you can run something else...




More information about the openssh-unix-dev mailing list