I'm not particularly concerned about this ability to decrypt ssh traffic. What seemed nefarious at first (and which, following the post, I've seen nobody else has investigated) isn't exactly cracking ssh to begin with. If you follow the link that Jonathan Hutchins provided, you'll see the product. Click on it and you will wind up here:

http://www.sandstorm.net/products/netintercept/

A quick glance at the product description gives you this:

- Decrypts SSH2 from Modified Servers
- Monitors Traffic while Invisible on the Network
- Finds Cleartext Passwords
- Offers Secure Remote Administration
- Filters or Records all Your Traffic
- Enables Users to Drill Down through Connections
- Catches Header and Port Spoofing
- Reassembles Packets into Streams
- Full-Content Inspection & Analysis
- View Email, Web Pages, and File Contents

Note that "Modified Servers" is used in this instance. The point here is this device/software is designed to allow an employer to keep tabs on their systems, and what their users are doing with them. IANAL, but I'm pretty sure there is precedent out there that makes this perfectly legal, considering the systems are owned by the company, and so is the employee while on the clock. (Or using the systems even while off the clock, for that matter.)

While it has been discussed that sending an e-book or some other such item could put the company at risk, this stuff doesn't really decrypt those anyway. If you've independently encrypted a file, and your activity has put you on the radar, I expect human resources would be within their rights to terminate you if said activity is in violation of the acceptable use policy of the company. While it's possible there may be a company stupid enough to use a product like this without having an AUP in place, I doubt it. Too much $$$ at stake.

Just my $.02 Euro

Dustin

-----Original Message-----
From: owner-kclug@marauder.illiana.net [mailto:owner-kclug@marauder.illiana.net] On Behalf Of Jonathan Hutchins
Sent: Thursday, November 20, 2003 9:35 AM
To: kclug@kclug.org
Subject: Netintercept and SSH Decryption

There's a spyware program advertised in the December SysAdmin, Netintercept from www.sandstorm.net. Clearly pitched for employers to spy on employee activity, it offers some disturbing features: "View Email, Webpages, Images & File Contents". "Guaranteed Invisible & Silent on Your Network". "Custom Reports Including Cleartext Passwords".

This is not exceptional, except for the hint that they're decrypting passwords, which might not be necessary if they can link to the actual hosts and pull them from the original password files.

More troubling though is this: "Patent Pending SSH & SSL Decryption".

Now, I know that the government has been pressing encryption providers to leave back doors for NSA and other "legitimate" surveillance, but I didn't think that SSH had caved on this. I was under the impression that SSH was still un-cracked. Can they actually offer to decrypt SSH streams now?