Re: Packages to remove from frozen

2000-03-09 Thread Paul Slootman
On Thu 09 Mar 2000, Jacob Kuntz wrote:
> isn't the problem here that the server is misrepresenting itself? a one bit
> difference may not make a less secure key, but it could quite possibly be an
> indication of some deception. i worry that altering the client to ignore
> this type of error will o

Re: Packages to remove from frozen

2000-03-09 Thread Jacob Kuntz
isn't the problem here that the server is misrepresenting itself? a one bit difference may not make a less secure key, but it could quite possibly be an indication of some deception. i worry that altering the client to ignore this type of error will only open us up to attack, be it man-in-the-middl

Re: Packages to remove from frozen

2000-03-08 Thread Ben Armstrong
On Thu, 9 Mar 2000, Junichi Uekawa wrote:
> Isn't it that to decrypt 1024 key takes double the amount of
> CPU time than decrypting 1023 key, as long as there is no other
> method than brute-force method of trying every combination.
>
> IMO It is a serious security issue, when the system is half a

Re: Packages to remove from frozen

2000-03-08 Thread Junichi Uekawa
In Wed, 8 Mar 2000 11:10:11 -0500, de profundis Michael Stone <[EMAIL PROTECTED]> cum veritas scribat
mstone> Are you really convinced that the security of a 1023 bit key is so much
mstone> worse than the security of a 1024 bit key that any amount of effort
mstone> necessary to transition to a ne

Re: Packages to remove from frozen

2000-03-08 Thread Michael Stone
On Wed, Mar 08, 2000 at 09:18:06AM -0500, Branden Robinson wrote:
> Use the Source, Luke. Quit whining and start coding.
Why? On hosts where this is an issue, f-secure's ssh does the job just fine. (Not to mention that I don't live in a free country and can't work on ssh...)
-- Mike Stone pgp

Re: Packages to remove from frozen

2000-03-08 Thread Michael Stone
On Wed, Mar 08, 2000 at 08:56:34AM -0600, Nathan E Norman wrote:
> Eh, well, it is correct[1] behavior to toss out an error message in this
> case since it's notifying you of a *security* problem. In fact, it's
> telling you that the server key is half as secure as the server claims
> it is. But

Re: Packages to remove from frozen

2000-03-08 Thread Nathan E Norman
On Tue, Mar 07, 2000 at 11:26:12PM -0500, Michael Stone wrote:
> On Tue, Mar 07, 2000 at 03:13:36PM -0800, Joey Hess wrote:
> > Michael Stone wrote:
> > > Not very backward-compatible, is it? In some environments it's desirable
> > > to have the software behave the same on every platform; even if i

Re: Packages to remove from frozen

2000-03-08 Thread Branden Robinson
On Tue, Mar 07, 2000 at 11:26:12PM -0500, Michael Stone wrote:
> How is it right to spit out an error message on every connection that
> adds nothing to most people's use of the product? Especially when there
> exists a verbose mode for people who want lots of gory details about the
> efficacy of t