Re: default cipher types in openssh

From: Caitlen (caitlen888@yahoo.com)
Date: 10/04/01


Date: Thu, 4 Oct 2001 08:09:01 -0700 (PDT)
From: Caitlen <caitlen888@yahoo.com>
To: security@FreeBSD.ORG

Great... it's good to know that AES is the default
now.

I'm running
FreeBSD 4.4-STABLE #0: Thu Sep 27 17:50:26 ADT 2001
 root@pain.nb.vibe.net:/usr/src/sys/compile/PAIN i386

and it looks like the upgrade to openssh 2.9 was just
committed. So I'll have to make world today while I'm
working on something else.

I'm glad it's defaulting to aes 128, but we should ask
ourselves about the rest of the allowable cipher
types. Is arcfour something we want to leave in
there? Is it really needed? Also, we should think
about the order of preference... I realize that most
people who know anything about cipher types are going
to alter this ciphers parameter based on personal
preferences, but we should get something that's
reasonably fast/secure for most people who can't be
bothered.

As for AES at 256 or 128 bit... which do you think we
should issue as the default? Certainly AES256bit is a
more secure cipher.... however it probably comes at a
much higher cpu cost. So maybe it's best not to make
it the default.

Is there any reason we need to keep cast128 and
arcfour in the default ciphers string for the client
or the server? I can understand keeping it in the
client configuration in case of connecting to legacy
hosts, but isn't almost everyone with protocol 2 ssh
capable of doing 3des or blowfish at least?

I still think changing the default logging facility to
"security" might be a good idea.. or at least logging
"auth" by default :)

Anyways, I'm personally setting Ciphers AES256 in my
sshd_config files and ssh client configuration files
(including securecrt from vandyke on my windoze box).
Yeah it may waste more horse power, but I feel
safer... Though I seriously doubt anyone can crack
AES128 at the moment. Or 3des for that matter....


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
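
Added example, not part of the original post: a small Python check that reads the effective `Ciphers` line from an sshd_config and reports the most-preferred cipher and whether the two ciphers the post questions are still allowed. The names `cast128-cbc` and `arcfour` are the OpenSSH spellings of the ciphers named in the post; the sample config is constructed, and the script assumes a plain comma-separated list on a whitespace-separated `Ciphers` line.

```python
"""Audit the effective Ciphers list in an sshd_config (added example)."""

# Ciphers the post asks about dropping from the default string. The set is
# taken from the post's questions; it is an assumption, not project policy.
QUESTIONED = {"arcfour", "cast128-cbc"}

# Constructed sample config, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Protocol 2
SyslogFacility AUTH
Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
Ciphers aes256-cbc
"""


def effective_ciphers(config_text):
    """Return the cipher list from the first Ciphers line, or None if unset."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Keywords are case-insensitive; sshd keeps the first value it reads,
        # so a later Ciphers line does not override an earlier one.
        if parts[0].lower() == "ciphers" and len(parts) == 2:
            # The list is a preference order, so keep it as written.
            return [c.strip() for c in parts[1].split(",") if c.strip()]
    return None


def audit(config_text):
    """Summarise the explicit cipher policy, if the config sets one."""
    ciphers = effective_ciphers(config_text)
    if ciphers is None:
        # No Ciphers line: the built-in default of the installed sshd applies.
        return {"explicit": False, "preferred": None, "questioned": []}
    return {
        "explicit": True,
        "preferred": ciphers[0] if ciphers else None,
        "questioned": [c for c in ciphers if c in QUESTIONED],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

In the sample, the second `Ciphers aes256-cbc` line has no effect because the first line already set the list, which is the kind of mistake this check surfaces.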
