Host verification problem
Damien Miller
djm at mindrot.org
Mon May 16 13:27:05 EST 2005
Hadmut Danisch wrote:
[blah blah deleted]
> (BTW: Have a look at Bruce Schneier's latest cryptogram. He is
> pointing out a security problem with the host key file.
Arguably, the problem is not with ssh at all but with users who choose
weak host passwords / passphrases on public keys and the admins that
allow this behaviour.
> Maybe it would
> be better to care about security than to dance around the
> holy grail IPv6. Most providers don't even have plans to invent it.
> Focus on security, not religion.)
I see that you didn't pay attention long enough to get to the part where
he mentions that this problem is fixed.
-d
More information about the openssh-unix-dev
mailing list