Date: Mon, 25 Sep 2000 16:44:53 +0100 (BST)
From: Scot Elliott <scot@london.sparza.com>
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: CrazZzy Slash <slash@krsu.edu.kg>, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.org, Peter Pentchev <roam@orbitel.bg>
Subject: Re: Encryption over IP
Message-ID: <Pine.GSO.4.21.0009251642550.7013-100000@hagop.london.sparza.com>
In-Reply-To: <200009251541.e8PFfM549719@green.dyndns.org>

I'm not sure that's the point. If you're using SSH to tunnel between two networks, across the public Internet, then there is a chance of your encrypted datastream being intercepted and analysed. If there's a large amount of data then the chance of the key being found - and therefore your unencrypted data exposed - is much higher.

Scot

On Mon, 25 Sep 2000, Brian F. Feldman wrote:

> > As a friend pointed out to me recently, long term SSH connections that
> > move a lot of data are probably not very secure, as the SSH protocol does
> > not re-generate its encryption keys unlike something like IPSec...
>
> So, weigh that into your decision of whether SSH is appropriate or not; are
> people on the inside going to be actively attempting a chosen-plaintext or
> known-plaintext attack? A long term SSH connection which only you have
> control over should really not have any need for rekeying; the stream should
> not be able to be known by anyone else in its unencrypted form nor should it
> be able to be modified at will before transport.
>
> For using SSH as an anonymous tunnel in hostile environments, I'd definitely
> want to know it was rekeying at a decent interval.
>
> --
> Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
> green@FreeBSD.org                    `------------------------------'