
Note:	This code is currently only known to compile and run on NetBSD,
	FreeBSD, and various recent versions of Linux.

	The system-dependent module for SVR4, in ssh_sys_svr4.[ch],
	is known to not work yet.  It's mostly there, but lack of an
	SVR4 system with IPv6 and time pressure led us to leave it
	unfinished for the 0.8 pre-release.

To compile and install this code, you may need to make some small changes
to the Makefile and to options.h.  In particular, the OS_HDR, OS_SRC,
and OS_OBJ lines in the Makefile, as well as the setting of SYS_BSD44/
SYS_LINUX/SYS_SYSV in options.h, are likely to require changes if you are
not building on NetBSD.

If you're building on a BSD system using BSD make, your system library
build rules will be used to build a library automatically in the lib/
subdirectory.  Otherwise, there are two lines (near a comment about
"if you have BSD make" in the Makefile that you will need to uncomment in
order to build the library by hand.

With those tasks completed, a quick "make depend && make && make install"
should do the trick.

This code includes two new ciphers, "fishblow" and "des3".  These work
around mistakes in the SSHv1 specifications of the "blowfish" and "3des"
ciphers.  Both are independently keyed in each direction, and replace
the usual CRC with a 32-bit truncation of HMAC-SHA1.  They use different
one-way functions of the protocol's "session key" to generate the keys
for each cipher direction and for the MAC; this ensures that an attack
that compromises one key will not compromise the entire system.  Also,
"fishblow" is actually a correct blowfish implementation; the "blowfish"
used by other SSHv1 implementations gets the byte order wrong in the
output; "des3" uses outer-triple-CBC mode, where as the standard SSHv1
"3des" cipher uses CBCM mode, against which there is at least one (albeit
theoretical) known attack.

A FreSSH client talking to a FreSSH server, if not explictly told to use
another cipher, will use one of these; they work around some of the more
serious known problems with the v1 protocol.
