encryption protocols - are there any that are not secure in ssh?

From: Randall M Gunning (securityfocus_at_randygunning.com)
Date: 05/04/04

    To: <secureshell@securityfocus.com>
    Date: Tue, 4 May 2004 09:22:39 -0700
    
    

    Recently, I had a user complain that he could not connect via ssh (or scp)
    to a remote system (outside of our company) after an upgrade to Solaris 9
    from Solaris 7. After doing some research, I found that the remote system
    only allowed the arcfour encryption protocol. I contacted the system admin
    for that system to find out why and the response I received was

    >Due to a security advisory years ago, we were advised that all cyphers
    >other than arcfour were susceptible to some form of security breaches
    >and advised to turn them off on all departmental machines. That hasn't
    >caused any problems with clients up until now.
    >
    >I don't know the exact nature of the problem, nor if I could find the
    >advisory from back then, but that's why xxx set up as it is.

    So, my question to the list is: Are there any known issues with the
    encryption protocols (blowfish, des, 3des, arcfour) that I should be worried
    about? Should I try to convince the other System Administrator to add one of
    the other protocols back?

    Adding the arcfour protocol to our systems would mean installing openssh for
    Solaris. The ssh that comes bundled with Solaris 9 and 10 does not support
    arcfour for some reason; Sun says they may add it in Solaris 10 at a later
    time. I really do not want to add another software package that needs to be
    maintained (this is primarily a maintenance issue, we run plenty of open
    source software here).

    One way or another, I have to get the systems to talk to each other so the
    user can send his files.

    Thanks,

    Randy
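
The failure described in the message above is a cipher negotiation mismatch: in SSH-2 (RFC 4253, section 7.1) the first cipher on the client's list that the server also lists is chosen, and the connection is dropped when there is none. The Python sketch below is an added example, not part of the original post; the config text and cipher lists are constructed, and only "server allows arcfour alone" and "client lacks arcfour" come from the message.

```python
# Added illustration: SSH-2 cipher selection per RFC 4253 section 7.1.
# All config text and cipher lists below are constructed sample data.

def parse_ciphers(config_text):
    """Return the cipher list from the first 'Ciphers' line of an ssh/sshd config."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            return [c.strip() for c in parts[1].split(",") if c.strip()]
    return None  # directive absent: the implementation's built-in default applies


def negotiate(client_ciphers, server_ciphers):
    """First cipher on the client's list that the server also offers, else None."""
    offered = set(server_ciphers)
    for name in client_ciphers:                  # client preference order decides
        if name in offered:
            return name
    return None  # no overlap: both sides must disconnect


# Constructed server config restricted to a single cipher, as the post describes.
SERVER_ARCFOUR_ONLY = """
# sshd_config (constructed sample)
Protocol 2
Ciphers arcfour
"""

# Same server with one more cipher added back (constructed sample).
SERVER_WITH_3DES = """
Protocol 2
Ciphers arcfour,3des-cbc
"""

# Constructed client preference list with no arcfour support.
CLIENT_NO_ARCFOUR = ["aes128-cbc", "blowfish-cbc", "3des-cbc"]

if __name__ == "__main__":
    for label, cfg in (("arcfour only", SERVER_ARCFOUR_ONLY),
                       ("arcfour + 3des-cbc", SERVER_WITH_3DES)):
        chosen = negotiate(CLIENT_NO_ARCFOUR, parse_ciphers(cfg))
        print(f"{label}: {chosen or 'no common cipher, connection fails'}")
```

Either side can resolve the mismatch: one shared cipher name on both lists is enough for the key exchange to complete.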

