Security Practices

From: David Busby (busby_at_edoceo.com)
Date: 05/17/05

  • Next message: Oliver Leitner: "Re: [infosec-discuss] x11 forwarding problems"
    Date: Mon, 16 May 2005 22:28:23 -0700
    To: secureshell@securityfocus.com
    
    

    List,
       I'm trying to get my a sshd setup as secure as possible, some folks I
    know what to send financial data over this. Right now I've got 2048bit
    RSA keys, aes256-cbc cipher (only), but all the MACs. I'm thinking that
    I'll make my key 4096bits to add some security. Which cipher is the
    best? I picked AES256 cause I believe AES to be the best, 256 was the
    largest. What is the difference between CBC and CTR? MAC of hmac-md5
    is the best choice there correct? Assume best means most secure even at
    the sacrifice of performance. Thanks!

    imperium bin # ssh -V
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    imperium bin # uname -a
    Linux imperium 2.6.10-gentoo-r6-edoceo #4 Sun May 1 03:48:25 PDT 2005
    i686 AMD Athlon(TM) XP 1700+ AuthenticAMD GNU/Linux

    /djb


  • Next message: Oliver Leitner: "Re: [infosec-discuss] x11 forwarding problems"