On 27 Oct 2000, Bennett Todd <[EMAIL PROTECTED]> wrote:
> 2000-10-27-22:02:28 Martin Pool:
> > In the end, perhaps offering weak security as an alternative is a
> > bad idea, as people may be tempted to use it rather than doing a
> > little more work to install ssh. On the other hand, sometimes
> > something is better than nothing.
>
> The design effort may be slightly greater, but the implementation
> effort of doing good crypto is no more than the implementation
> effort of doing weak crypto, given good crypto libraries like
> OpenSSL.
My proposal would have been much smaller (~100loc) because it ignored
many issues, including server authentication and session integrity.
> If you don't want to do a sophisticated crypto protocol
> with public key algorithms to simplify key management, just use a
> strong symmetric cypher and let the user arrange to get matching
> keys on each end. Good keys can be sucked out of /dev/random and
> adequate ones for many purposes can be made by something like
> (ps axuww;vmstat;netstat -a;w)|md5. Provide a few scripts for making
> keys given different available resources and the result should be
> reasonably easy to use.
That's basically what I was talking about, although I planned to base
the key on the password plus some salt rather than requiring it to be
set at both ends.
> I wouldn't like to see a poor crypto implementation added to rsync,
> that draws bad press.
Yes, and for this reason perhaps it's better to not commit it. If
it's there, people might use it when it's inappropriate and get into
trouble.
> It's possible you may find interest in a paper I've done on crypto
> for programmers <URL:http://people.oven.com/bet/crypto/>.
Thanks; it's a nice summary.
--
Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
[EMAIL PROTECTED], http://www.linuxcare.com/
Linuxcare. Support for the revolution.
PGP signature
