Comment 14 for bug 54180
Revision history for this message
| Allison Karlitskaya (desrt) wrote Re: [Bug 54180] Re: [rfe] sshd ought to support 'none' cipher | #14 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Doing password authentication over 'none' cipher is indeed quite bad
(unless you're on a trusted local network) but RSA/DSA authentication
over an unencrypted transport is totally secure in that no key
information is leaked and it's not possible to authenticate without a
proper key.
Of course, you are more open to session hijacking, but that sort of goes
without saying.
On Wed, 2006-26-07 at 17:02 +0000, Colin Watson wrote:
> I am very unconvinced about this (none implies that *authentication*
> happens in plaintext, as far as I know!). I recommend that people
> wanting performance use the blowfish-cbc cipher.
>