From owner-freebsd-security  Tue Dec 28  3:46:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 1D1C714ED6; Tue, 28 Dec 1999 03:46:41 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 09D761CD814; Tue, 28 Dec 1999 03:46:41 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 28 Dec 1999 03:46:40 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Warner Losh <imp@village.org>,
	Fernando Schapachnik <fpscha@via-net-works.net.ar>,
	freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH vulnerable to protocol flaw?
In-Reply-To: <xzpbt7b77sa.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.21.9912280345001.63174-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 28 Dec 1999, Dag-Erling Smorgrav wrote:

>   Note that the new revision for the SSH protocol, proposed and
>   published as Internet Drafts [2],[3],[4] [5] makes use of
>   cryptographycally strong message authentication codes for
>   integrity checks that wont fail to these attacks.

Correct me if I'm wrong, but these describe the SSH v2 protocol, which is
implemented in ssh 2.x, not sh 1.x (and hence openssh 1.x).

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message