Warning message at password prompt
Damien Miller
djm at mindrot.org
Fri Feb 15 00:15:44 EST 2002
On Thu, 14 Feb 2002, Edward Avis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 14 Feb 2002, Michael Stone wrote:
>
> >>enable unencrypted connections. I understand that the OpenSSH
> >>maintainers don't want to support this in the main release, but it is
> >>useful to me and to some others.
> >
> >People keep saying that, but you might as well benchmark it--I've
> >always seen that there's enough slowdown in other places that turning
> >off encryption doesn't really buy you much on a modern machine.
>
> I will certainly benchmark and post a summary of results to this list.
> With SSH v1 protocol there seemed to be a noticeable speedup, but I need
> to get some concrete numbers.
Don't use cipher none with protocol 1, then only thing protecting you
is an easily calculated CRC. protocol 2 has a proper MAC at least.
> This seems like a good moment to ask another question: should I prefer
> RSA or DSA authentication with protocol 2? I have heard mumblings that
> DSA is somehow less secure (or less banged-upon) than RSA, and that now
> the RSA patent has expired there's no reason to use DSA. DSA seems a
> lot slower, so I would like to switch if possible. I hope this question
> is not off-topic for the developers' list, it does need a real expert to
> answer it.
RSA is faster, I don't know of any attacks on DSA.
-d
More information about the openssh-unix-dev
mailing list