RedHat forks OpenSSH?
Theo de Raadt
deraadt at cvs.openbsd.org
Tue Nov 9 09:46:47 EST 2004
> On Tue, Nov 09, 2004 at 07:23:44AM +1100, Damien Miller wrote:
> > the only change is deletion of files related to the experimental
> > ACSS cipher. It is unclear why Redhat has chosen to do this: the
> > cipher is disabled by default and their own Cygwin product has
> > shipped these same files for many months, as have many other
> > Linux distributions.
>
> Of course, the readership might be more enlightened to know what ACSS
> is.
>
> "This library implements the Alleged Content Scrambling System. It is
> believed to be interoperable with CSS of the DVD Copy Control Association.
> ACSS is a stream cipher with a fixed key length of 40 bit (5 byte).

I quote from the openssl RC4 manual page:

    This library implements the Alleged RC4 cipher, which is
    described for example in Applied Cryptography. It is
    believed to be compatible with RC4[TM], a proprietary
    cipher of RSA Security Inc.

> ACSS consists of a key setup phase and the actual encryption or decryption
> phase."
>
> Apart from the potential legal issues (even if are just some litigious
> bastards suing people for fun/profit instead of real ones) surrounding
> said algorithms,

Precisely what legal issues would that be?

What we have here in ACSS is a multi-purpose cipher that can be used
for many things, including but not limited to encrypting ssh sessions.
And it is fast.

> isn't it OpenBSD policy (dunno about openssh) to not ship
> known broken crypto algorithms at all?

It is our policy to provide a secure replacement for telnet and
rlogin, so that people stop using telnet and rlogin. It is our
policy to release that software in a free fashion so that vendors
can supply their customers with a high quality implementation.

If you don't like what we write, you can run something else..