The following essay clarifies the facts in the "End of SSL and SSH" article written by Kurt Seifried a few days ago. "On 17 December 2000, Dug Song released a new version of his well-known package of network sniffing tools, dsniff. . . .
The following essay clarifies the facts in the "End of SSL and SSH" article written by Kurt Seifried a few days ago. "On 17 December 2000, Dug Song released a new version of his well-known package of network sniffing tools, dsniff. The new release includes a tool named "sshmitm," which performs a man-in-the-middle attack (MITM) on the SSH-1 protocol. The following day, Kurt Seifried wrote an article titled The End of SSL and SSH? The article has generated a fair amount of discussion and buzz, not least because of its dire-sounding title. And there are certainly important implications to the appearance of sshmitm. Seifried's piece, however, contains several factual errors and misleading statements in discussing the details of SSH (secure shell), SSL (secure sockets layer), and MITM. This is unfortunate, since these shortcomings blur the essential message, which is valid and important to get out. This article attempts to correct some of those mistakes, and to clarify the issues involved."

See the Slashdot article as well.

The link for this article located at Read this full article is no longer available.