Dan GoodinDec 17, 2023
Did you or someone you know work with SSH back in the late 90s and early 2000s? I'd love to get some perspective on something. Please DM me by Signal.
Show threadJeroen Ruigrok van der WervenDec 17, 2023

@dangoodin I think many of the BSD folks on the Fediverse can help with that. Boosted for visibility.

What I do remember, being in Europe, is the cryptographic export restrictions. Officially the RSA public keys were limited to 512 bytes, 3DES and RC4 being unavailable or restricted to 40/56 bits (depending on year). Don't think I ever saw IDEA being used due to the patents.

Similar problems with Kerberos 4 leading to eBones and Heimdall being a non-US implementation of Kerberos 5.

Show threadOsma A 🇫🇮🇺🇦Dec 17, 2023

@asmodai
Eh, ssh originated from Finland so it never was subject to export restrictions. The free version, anyway. Can't say for the commercial version, never used it.

Dan, I was in the same university with Tatu during the time he developed it. It became recommended, nearly mandatory tool very quickly.
@dangoodin

Show threadDan GoodinDec 17, 2023

@osma @asmodai

Thanks for that. Do you have any details about the password sniffer that was discovered on the university network and was the catalyst for TTu developing SSH?

Show threadBert Driehuis

@dangoodin Are you looking for this? https://www.ssh.com/about/history/ It's an advertorial, but it comes from the horses mouth.

At the ISP I cofounded in 1993, we were acutely aware of the risks of shipping passwords in plaintext. In my recollection, the issue with remote terminals was fixed quickly with SSH. We had telnet disabled as soon as we got ssh to work. Fixing mail and other networked apps with SSL/TLS took way longer.

SSH History - Part 1

The history of SSH started with a hacking incident and a frustrated researcher. First came the protocol, then the company. And the rest is history. Part 1.

Dec 17, 2023 at 11:57pmWeb