Re: ssh .vs. rsh

From: Atro Tossavainen (atossava_at_cc.helsinki.fi)
Date: 02/02/04

  • Next message: Adriano Holanda: "Connection closed by ssh server in Digital Unix 4.0"
    To: secureshell@securityfocus.com
    Date: Mon, 2 Feb 2004 08:45:30 +0200 (EET)
    
    

    Sasha,

    RLS>>> If you're not worried about encrypting the X session then just turn off
    RLS>>> the cypher or select none on your client. The login is still encrypted.

    AT>> You're mistaken. If you select the "none" cipher, nothing is encrypted.

    ASK> If you are using a private key for authentication than it is secure to
    ASK> use none cipher -- your password protects your key and is never
    ASK> transferred to the server.

    This is a specific case that was not explicitly discussed above. In
    that post, Robert L Sowders" <rsowders@usgs.gov> mistakenly claimed that
    _all_ logins would still be encrypted even with the "none" cipher, which
    is of course not the case. Even the RSA exchange is not encrypted in
    the case you mention, but it doesn't mean anything as no confidential
    or useful (to an attacker) information is exchanged.

    > BTW: http://www.eskimo.com/~weidai/benchmarks.html
    > Looks like even 3DES can encrypt ~10 MB/s on a recent computer, so
    > probably encryption can not be a bottleneck.

    You have to remember we're not talking about hand-optimized assembly,
    and we're not talking about x86 processors. The original poster (Asif
    Iqbal) was asking about SSH performance on Solaris. So much for Visual
    C++ .NET 2003 and x86 assembly results being even remotely interesting
    to the case when you have to deal with crappy UltraSPARC CPUs :-)

    From the Crypto++ page you referred to:

    "All were coded in C++, compiled with Microsoft Visual C++ .NET 2003
     (whole program optimization, optimize for speed, P4 code generation),
     and ran on a Pentium 4 2.1 GHz processor under Windows XP SP 1. 386
     assembly routines were used for multiple-precision addition and sub-
     traction. SSE2 intrinsics were used for multiple-precision multiplication."

    Yes, even 3DES can encrypt plenty on a recent x86 computer with hand-
    tuned assembly encryption routines.

    As far as I am aware, neither OpenSSH or SSH Comm Sec Corp. SSH2 use any
    assembly language optimisations whatsoever. SSH1 used to have some by
    way of the GMP library, but it probably meant very little in the grand
    scheme of things, and OpenSSH no longer uses GMP for anything if it ever
    did, opting to use OpenSSL for all encryption work instead.

    The performance of SSH on all platforms could probably benefit from hand-
    coding the encryption routines in assembly language, but you have to ask
    the developers whether it's worth the man-hours, and additionally, there
    probably is a principal issue involved in why (Open)SSH no longer use GMP.

    -- 
    Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
    Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
    +358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
    < URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS
    

  • Next message: Adriano Holanda: "Connection closed by ssh server in Digital Unix 4.0"

    Relevant Pages

    • Re: Password Security
      ... so really doesnt need encryption. ... hacker has used a packet sniffer to get hold of a login packet. ... through our data server defences. ...
      (microsoft.public.win32.programmer.networks)
    • [VulnWatch] defeating Lotus Sametime "encryption"
      ... clients use RC2 to encrypt the password, ... the key along with the login packet allowing an attacker to decrypt the ... For example, Lotus Sametime provides encryption, logging, ... 00 -- length of opaque for auth data ...
      (VulnWatch)
    • [Full-Disclosure] defeating Lotus Sametime "encryption"
      ... clients use RC2 to encrypt the password, ... the key along with the login packet allowing an attacker to decrypt the ... For example, Lotus Sametime provides encryption, logging, ... 00 -- length of opaque for auth data ...
      (Full-Disclosure)
    • Re: nooB PhP login using MySQL
      ... The process is to take the supplied username and password and do a ... database query to see if there is a row containing that combination. ... commonly used method for login encryption? ...
      (comp.lang.php)
    • Re: chr() and strconv() do not work consistently
      ... encrypted password in your login table if this is so then it's not the most ... The preferred way is to create a hash code from the password ... Becouse my encryption ... I tried to replace StrConv() with chrbut it did not help. ...
      (microsoft.public.vb.general.discussion)