> converse among themselves. If data is buffered up into blocks they
If you're using zlib on the streams you already *have* sufficient
packetization...
On 29 Oct 2000, Pierre Abbat <[EMAIL PROTECTED]> wrote:
> The attacks on synchronous stream ciphers (not to be confused with
> self-synchronizing stream ciphers, which are a different sort of
> animal) are of the sort where Mallory flips a bit, not knowing what
> the plaintext is, but knowing that
On 30 Oct 2000, "Mark W. Eichin" <[EMAIL PROTECTED]> wrote:
> Instead of making up some hashing key-generation method, please look
> at RFC2104 "HMAC" (and the six or seven followup rfc's on specific
> instantiations.)
>
> Also, for rsync, I don't see why you'd particularly want a stream
> cipher
Instead of making up some hashing key-generation method, please look
at RFC2104 "HMAC" (and the six or seven followup rfc's on specific
instantiations.)
Also, for rsync, I don't see why you'd particularly want a stream
cipher (it isn't interactive, you have "large" packets to work with)
and I mig
>Z number of people will use stream cyphers when they really should be
>using ssh, because there are active attackers on the network and the
>data is security-critical. This despite that the documentation will
>still recommend using SSH as a first choice.
The attacks on synchronous stream cipher
On 28 Oct 2000, Bennett Todd <[EMAIL PROTECTED]> wrote:
> I think you've got a plan that will not weaken rsync, and that will
> add some valuable security in some settings. It's nicely
> complementary to rsync-over-ssh. Those of us who use rsync-over-ssh
> haven't even figured out what the daemon
On Sun, Oct 29, 2000 at 02:54:26PM +1100, Martin Pool wrote:
> On 28 Oct 2000, Nicolas Williams <[EMAIL PROTECTED]> wrote:
> > My guess is that if the SSHv2 spec issues are cleared up then SSHv2 is
> > the best possibility for rsync. I don't mean using SSH with rsync as is
> > done now, but rather
On 29 Oct 2000, Martin Pool <[EMAIL PROTECTED]> wrote:
> Although I would prefer a cypher with a nonproprietary design, RC4
> does seem to be widely used and trusted. Schneier also mentions SEAL;
> I'll look at it later.
It turns out that SEAL is patented (patent pending?) by IBM, so it's
even
On 28 Oct 2000, Nicolas Williams <[EMAIL PROTECTED]> wrote:
> If I may I'd like to suggest an alternative: use Diffie-Hellman for the
> key exchange and use the DH key as the symmetric encryption key. This
> gives you anonymous encrypted sessions. Add an authentication feature
> (basic, GSS-API,
On 28 Oct 2000, Bennett Todd <[EMAIL PROTECTED]> wrote:
> 2000-10-28-20:03:19 Martin Pool:
> > > As for licensing, the only requirement is to give credit...
> >
> > Fine.
>
> If you've made peace with OpenSSL licensing, then I'd like to
> suggest:
I thought it was more of a problem than it app
On Sun, Oct 29, 2000 at 11:03:19AM +1100, Martin Pool wrote:
> On 28 Oct 2000, Rich Salz <[EMAIL PROTECTED]> wrote:
> > If you just embed arcfour, what's your key management plan?
>
> key = MD4(salt, user, password, possibly other stuff)
>
> The salt is sent on each new connection; at the moment
On 28 Oct 2000, Rich Salz <[EMAIL PROTECTED]> wrote:
> > However, I don't think SSL will cope with two fork'd processes trying
> > to do SSL simultaneously, because the library assumes complete control
> > over the local end of the socket.
>
> OpenSSL doesn't *have* to work that way, it's just th
On 28 Oct 2000, "Peter T. Breuer" <[EMAIL PROTECTED]> wrote:
> It can't. That's what I said. if the key were constant, the code would
> be trivial to crack. So you must change the key frequently.
arcfour is a stream cypher that behaves similarly to RSADSI's RC4(tm)
cypher, described in s17.1 of
> However, I don't think SSL will cope with two fork'd processes trying
> to do SSL simultaneously, because the library assumes complete control
> over the local end of the socket.
OpenSSL doesn't *have* to work that way, it's just that the default
implementation that most people use works that w
On 27 Oct 2000, Bennett Todd <[EMAIL PROTECTED]> wrote:
> 2000-10-27-21:26:36 Martin Pool:
> But OpenSSL isn't just the reference SSL lib these days, it's also
> the reference general-purpose crypto library. OpenSSH doesn't talk
> SSL, it just uses the crypto routines out of OpenSSL. In fact,
> O
On 27 Oct 2000, Bennett Todd <[EMAIL PROTECTED]> wrote:
> 2000-10-27-22:02:28 Martin Pool:
> > In the end, perhaps offering weak security as an alternative is a
> > bad idea, as people may be tempted to use it rather than doing a
> > little more work to install ssh. On the other hand, sometimes
>
On 28 Oct 2000, "Peter T. Breuer" <[EMAIL PROTECTED]> wrote:
> Ssh is open software. If there is a bug, it can be fixed by writing to
> the authors. If you mean Windows, use Putty. If you mean solaris,
> ask the people who run the free solaris software sites to add a
> correctly compiled ssh pack
On 27 Oct 2000, "Peter T. Breuer" <[EMAIL PROTECTED]> wrote:
> Rsync does its own compression, which is
> encryption, as you don't know where the compressed bits come from even
> if you guess the compression used.
It's true that existing and rearranged data is not transmitted, but
inserted data i
2000-10-26-18:13:28 Harry Putnam:
> OK, upgrade it is, but do you know of any rpms available? 2.4.4 seems
> to be the most recent rpm shipping with redhat=7.0
If you just fetch the tarball from the rsync home
<http://samba.anu.edu.au/rsync/>, you can put that in
/usr/src/redhat/SOURCES/, cd to th
On 27 Oct 2000, Dave Dykstra <[EMAIL PROTECTED]> wrote:
> There's been a lot of talk about incorporating openssl into rsync but
> it's never been done.
My previous message explains why it seems hard, but perhaps I've just
missed something.
> I'm actually much more interested in the active attac
On 27 Oct 2000, Neil Schellenberger <[EMAIL PROTECTED]> wrote:
> I'm absolutely no expert on it (e.g. never programmed with it), but
> perhaps you could simply use OpenSSL (which is, after all, what
> OpenSSH is implemented on top of anyway). Then you'd get high grade
> encryption, certificates,
Dave Dykstra <[EMAIL PROTECTED]> writes:
> On 26 Oct 2000 15:13:28 -0700, Harry Putnam wrote:
> > Thanks for the detailed reply. Maybe my trouble can be fixed by upgrading.
> >
> > > rsync 2.4.1 had known problems with hanging ssh. Are you initiating from
> > > the Linux side? I think it onl
On 26 Oct 2000 15:13:28 -0700, Harry Putnam wrote:
> Thanks for the detailed reply. Maybe my trouble can be fixed by upgrading.
>
> > rsync 2.4.1 had known problems with hanging ssh. Are you initiating from
> > the Linux side? I think it only affects the initiating side. Please
> > upgrade t
Obviously ssh is a source of a large fraction of the problems people
have in using rsync. Most of the problems seem to come from the fact
that we have to run an external program, and so we get lockups because
of operating system or rsync bugs in blocking/nonblocking
pipes/sockets etc.
I'm look
Dave Dykstra <[EMAIL PROTECTED]> writes:
Thanks for the detailed reply. Maybe my trouble can be fixed by upgrading.
> rsync 2.4.1 had known problems with hanging ssh. Are you initiating from
> the Linux side? I think it only affects the initiating side. Please
> upgrade to 2.4.6. I believe
On Sat, Oct 21, 2000 at 05:04:56AM -0700, Harry Putnam wrote:
...
> > - versions of OS at both ends
>
> Redhat linux 6.2    FreeBSD-4.0
>
> > - versions of ssh at both ends
>
> ssh-1.2.27-5i SSH Version OpenSSH-2.1, protocol versions 1.5/2.0.
> Compiled wit
[ NOTE: Never saw this post appear on the group so resending -ed]
Another set of Stats on an interminable hang:
Transmission is via ssh on a local network. (ethernet)
rsync command line:
rsync -avvz -e ssh News satellite:~/
The above command ran about half way thru then hung.
> As I have men
Ian,
> Anybody got any ideas why i could rsync without problems using 2.4.6 a few
> weeks ago and not now?
As I have mentioned before these sorts of reports are impossible to
answer without basic information. The info needed is:
- versions of OS at both ends
- versions of ssh at both ends
- ve
On Thu, Oct 19, 2000 at 02:23:31PM -0400, Neil Schellenberger wrote:
> > "ian" == ian stanley <[EMAIL PROTECTED]> writes:
>
> ian> Anybody got any ideas why i could rsync without problems
> ian> using 2.4.6 a few weeks ago and not now?
>
> Ian,
>
> Has the total "expected" transfer
> "ian" == ian stanley <[EMAIL PROTECTED]> writes:
ian> Anybody got any ideas why i could rsync without problems
ian> using 2.4.6 a few weeks ago and not now?
Ian,
Has the total "expected" transfer time increased over the past few
months? My impression is that most of the EOF/hang
I have been having a number of problems with rsync over the last few months.
Originally we were using an early version of 2.x but after reading some of
your posts we upgraded to 2.4.6 which seemed to solve the problems - at
least in the short term.
That was until we did a release earlier this
31 matches