Security Practices

From: David Busby (busby_at_edoceo.com)
Date: 05/17/05

    Date: Mon, 16 May 2005 22:28:23 -0700
    To: secureshell@securityfocus.com
    
    

    List,
       I'm trying to get my sshd setup as secure as possible; some folks I
    know want to send financial data over this. Right now I've got 2048-bit
    RSA keys, aes256-cbc cipher (only), but all the MACs. I'm thinking that
    I'll make my key 4096 bits to add some security. Which cipher is the
    best? I picked AES256 'cause I believe AES to be the best, 256 was the
    largest. What is the difference between CBC and CTR? MAC of hmac-md5
    is the best choice there, correct? Assume best means most secure even at
    the sacrifice of performance. Thanks!

    imperium bin # ssh -V
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    imperium bin # uname -a
    Linux imperium 2.6.10-gentoo-r6-edoceo #4 Sun May 1 03:48:25 PDT 2005
    i686 AMD Athlon(TM) XP 1700+ AuthenticAMD GNU/Linux

    /djb

