[cryptography] preventing protocol failings

Andy Steingruebl andy at steingruebl.com
Wed Jul 13 11:39:42 EDT 2011


On Wed, Jul 13, 2011 at 7:11 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Andy Steingruebl <andy at steingruebl.com> writes:
>
>>The way it worked for everyone I knew that went through it was:
>>
>>1. Sniffing was sort of a problem, but most people didn't care
>>2. Telnet was quite a bit of a pain, especially when using NAT, and wanting
>>to do X11 forwarding
>>3. Typing in your password again and again over telnet (which did have
>>advantages over rlogin/rsh) was a pain.
>>
>>Enter SSH.  It solved #1, but the big boon to sysadmins to figure it out and
>>install it was that it *really* solved #2 and #3, hence major adoption.
>
> Uhh, this seems like a somewhat unusual reinterpretation of history.  SSH was
> primarily an encrypted telnet, and everything else was an optional add-on
> (when it was first published it was almost rejected with the comment "this is
> just another encrypted telnet").  The big boon to sysadmins was that (a) you
> could now safely type in your root password without having to walk to the room
> the box was in to sit at the console and (b) you could build and run it on
> pretty much everything without any hassle or cost.  That combination was what
> made it universal.

Hmm, do you know that many sysadmins outside high-security conscious
areas that really cared about typing the root password over telnet,
especially back in 1997?  I don't.  Academia and banks cared, and
often deployed things like SecurID or OPIE/SKEY to get away from this
problem, but your average IT shop didn't care at all.

Or are you really suggesting we got massive SSH adoption because of
the security properties?   Certainly not in my experience...

Maybe this calls for a survey/retrospective on reasons for adoption of SSH? :)

- Andy


