RE: Security Practices

From: Bryan McAninch (bryan_at_mcaninch.org)
Date: 05/17/05

  • Next message: Robert Hajime Lanning: "Re: bash_logout and sftp"
    To: <secureshell@securityfocus.com>
    Date: Tue, 17 May 2005 15:34:21 -0500
    
    

     
    The AES attack described by Dan Bernstein is impractical, as it requires an
    enormous amount of known plaintext and is very timing sensitive.
    Furthermore, the issue does not lie within the algorithm itself, but rather
    how it is implemented. The paper specifically states that OpenSSL is
    vulnerable, which makes OpenSSH vulnerable to the attack as well.

    Stick with AES.

    Cheers,

    Bryan

    -----Original Message-----
    From: Nigel Stepp [mailto:stepp@atistar.net]
    Sent: Tuesday, May 17, 2005 12:14 PM
    To: David Busby
    Cc: secureshell@securityfocus.com
    Subject: Re: Security Practices

    David Busby wrote:
    > List,
    > I'm trying to get my a sshd setup as secure as possible, some folks
    > I know what to send financial data over this.
    ...
    > aes256-cbc cipher (only)

    http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

    You may want to be aware of this paper. I believe the results are still
    preliminary, but it's something to follow.

    > I'm thinking that
    > I'll make my key 4096bits to add some security.

    Heh, is your name Avi? (cryptonomicon reference, couldn't resist) That's
    probably overkill, but that assumes no codebreaking paradigm shifts or what
    have you.

    > Assume best means most secure even at
    > the sacrifice of performance. Thanks!

    If you're going to use 4096 bit keys, you may want to move away from md5 as
    a hashing algorithm, since it has been shown to have some measure of
    weakness. You might look at SHA256, SHA512, or something like whirlpool.
    I'm not an expert, however, and I'm not sure how proven whirlpool really is
    (or about the measure of support of these hashes in ssh).

    > /djb

    --
    :wq
    

  • Next message: Robert Hajime Lanning: "Re: bash_logout and sftp"