Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 19 Apr 2012 08:25:19 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: owl and openssh

Hi Daniel,

On Tue, Apr 17, 2012 at 05:45:09PM +0200, Daniel Cegie?ka wrote:
> Why Owl still uses the old version of OpenSSH? Does this have anything to
> do with PAM modules? Are you going to do in the near future updates to the
> current version of OpenSSH?

The version of OpenSSH currently in Owl is old by version number, but it
actually has backports of newer stuff, including all relevant security
fixes that we are aware of (and we kept watching for them).

No, this has almost nothing to do with PAM modules.

We should update OpenSSH before our next major release.  This task is
assigned to Dmitry V. Levin, but somehow he just does not manage to find
time for it lately.  The task is not trivial because we have patches,
some of which will need to remain in the updated package (e.g., the key
blacklisting).  The updated package may also need to be re-tested for a
variety of potential issues, such as timing leaks allowing for easy
username probing (an issue that we previously patched, but that might
not have been addressed upstream).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.