[cryptography] preventing protocol failings

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 13 23:40:43 EDT 2011


Andy Steingruebl <andy at steingruebl.com> writes:

>Hmm, do you know that many sysadmins outside high-security conscious areas
>that really cared about typing the root password over telnet, especially back
>in 1997?  I don't.  Academia and banks cared, and often deployed things like
>securid or OPIE/SKEY to get away from this problem, but your average IT shop
>didn't care at all.

From a discussion on an international sysadmin list (most of whom were
non-academic) in about 1995 (not 1997) pretty much everyone went to ssh by
osmosis, no matter who you worked for.  The nice thing was that you could
retrofit it to almost any existing system (there's a patch in the ssh1 code
for 386BSD 0.1 that I contributed, for example, and that was a 1991 or 1992
software release), shut off telnet, and have one less thing to worry about.

>Maybe this calls for a survey/retrospective on reasons for adoption of SSH?
>:)

Maybe we travel in different circles, but both in sysadmin circles and in
instances where it's come up in the past on security lists as an example of a
successful security protocol, its reason for success has always been presented
as a telnet replacement (and other usage followed from that).

Peter.


