[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] OpenSSH questions
- Subject: Re: [cobalt-security] OpenSSH questions
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Sun, 30 Jun 2002 17:40:32 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
JS> Date: Sun, 30 Jun 2002 10:15:36 -0500
JS> From: Jay Summers
JS> > So for the sake of security I have to give up compression?
JS>
JS> Yes, probably until they release a fix for it.
See also my earlier post re compression and security. Encrypting
compressed data (compressed via a non-bijective compressor) is a
decision that depends on personal paranoia level. Of course,
many uncompressed data formats give clues about what bytes are
expected in what position... so I'm not claiming non-bijective
compression is inherently dangerous.
In fact, I'd argue that the entropy of a compressed stream is
sometimes higher than that of an uncompressed stream, thus
_increasing_ security in certain instances. Alas, a cryptologist
I am not, so don't put too much faith in that without reading
works by those more skilled than myself.
For an interesting read,
bijective compression security
on Google.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.