Hacker News
by traceroute66 821 days ago
> I think you’re using short-hand

Yes I was using short-hand.

Because you're the only one here trying to make the stupid argument that OpenSSH code is somehow not trustworthy.

Frankly, if you don't trust OpenSSH code for the reasons you suggest, then you should not be trusting any Operating System, whether BSD, Linux, Mac or Windows.

As I said, OpenSSH is used extensively, INCLUDING in security-critical environments, the sort of security-critical environments that you can be sure have done their homework, even if they don't publish it.

The simple fact of the matter is this:

Given the widespread global deployment of OpenSSH for DECADES now, if there were shortcomings in the code, you would have heard of it because we would be seeing BILLIONS of compromised endpoints.

Fact is, there aren't, unless you haven't bothered to update your system in the last decade.

So you can talk about fuzzing or whatever until you are blue in the face, but widespread global deployment is hard to beat, because that's REAL WORLD, failed attempts at finding zero-day exploits and all!