RE: Security Practices

From: List Account (list.account_at_cerdant.com)
Date: 05/17/05

    To: "'David Busby'" <busby@edoceo.com>, <secureshell@securityfocus.com>
    Date: Tue, 17 May 2005 14:38:45 -0400
    
    

    >-----Original Message-----
    >From: David Busby [mailto:busby@edoceo.com]
    >Sent: Tuesday, May 17, 2005 1:28 AM
    >To: secureshell@securityfocus.com
    >Subject: Security Practices
    >
    >
    >List,
    > I'm trying to get my sshd setup as secure as possible; some folks I
    >know want to send financial data over this. Right now I've got 2048-bit
    >RSA keys, aes256-cbc cipher (only), but all the MACs. I'm thinking that
    >I'll make my key 4096 bits to add some security. Which cipher is the
    >best? I picked AES256 cause I believe AES to be the best, 256 was the
    >largest. What is the difference between CBC and CTR? MAC of hmac-md5
    >is the best choice there, correct? Assume best means most secure even at
    >the sacrifice of performance. Thanks!
    >
    >imperium bin # ssh -V
    >OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    >imperium bin # uname -a
    >Linux imperium 2.6.10-gentoo-r6-edoceo #4 Sun May 1 03:48:25 PDT 2005
    >i686 AMD Athlon(TM) XP 1700+ AuthenticAMD GNU/Linux
    >
    >/djb
    >

    What cipher is the best? Best is a relative term so I won't answer that.
    According to http://csrc.nist.gov/cryptval/des.htm, AES is the FIPS-Approved
    symmetric encryption algorithm of choice. In choosing the mode, cipher block
    chaining mode is a block cipher and ctr is a stream cipher. Do some research
    into these, as I can't answer what the specific (practical) differences are
    without a lengthy email. Your assumption on MAC is correct.

    My 2 cents,
    Nathan Grandbois
    Cerdant, Inc.
    614.717.0123 ext. 26
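
Added example, not part of the original messages or of OpenSSH: a small Python check that reads an sshd_config and reports which Ciphers and MACs it sets explicitly, tagging each cipher by mode (CBC or CTR). The sample configuration is constructed to mirror the setup described in the question (aes256-cbc only, MACs left unset), and the function names are illustrative.

```python
# Constructed sample, modelled on the setup described in the question:
# one cipher pinned, MACs left at whatever the server build offers.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Protocol 2
Ciphers aes256-cbc
#MACs hmac-md5
PermitRootLogin no
"""


def effective(config_text, keyword):
    """Return the algorithm list set for keyword, or None if it is unset.

    Keywords are matched case-insensitively and the first value found wins,
    which is how sshd itself reads its configuration file.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return None


def cipher_mode(name):
    """Classify an SSH cipher name by its mode suffix."""
    if name.endswith("-cbc"):
        return "cbc"
    if name.endswith("-ctr"):
        return "ctr"
    return "other"  # e.g. arcfour, which has no block mode


def audit(config_text):
    """Summarise what the file pins and what it leaves to server defaults."""
    ciphers = effective(config_text, "Ciphers")
    macs = effective(config_text, "MACs")
    return {
        "ciphers": None if ciphers is None else {c: cipher_mode(c) for c in ciphers},
        "macs": macs,
        "unset": [k for k, v in (("Ciphers", ciphers), ("MACs", macs)) if v is None],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A keyword listed under `unset` means the server's built-in default list applies, which is the "all the MACs" situation from the question.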

