JanZerebecki (talk | contribs) |
Gdestuynder (talk | contribs) No edit summary |
Line 18: | Line 18: | ||
== Security trade off for aes128-gcm ? == | == Security trade off for aes128-gcm ? == | ||
After reading https://stribika.github.io/2015/01/04/secure-secure-shell.html#changelog and http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html I get the impression that aesX-gcm and aesX-ctr in EtM mode all have the downside of sending the packet size in plain text. Is there any other reason for avoiding aesX-gcm? If not then they should be added or aesX-ctr should be removed. (Only leaving chacha20-poly1305 is probably not a good idea because of the need for backwards compatibility.) -[[User:JanZerebecki|JanZerebecki]] ([[User talk:JanZerebecki|talk]]) 07:58, 16 April 2015 (PDT) | After reading https://stribika.github.io/2015/01/04/secure-secure-shell.html#changelog and http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html I get the impression that aesX-gcm and aesX-ctr in EtM mode all have the downside of sending the packet size in plain text. Is there any other reason for avoiding aesX-gcm? If not then they should be added or aesX-ctr should be removed. (Only leaving chacha20-poly1305 is probably not a good idea because of the need for backwards compatibility.) -[[User:JanZerebecki|JanZerebecki]] ([[User talk:JanZerebecki|talk]]) 07:58, 16 April 2015 (PDT) | ||
=== Reply from kang === | |||
Indeed, this is a mistake. I added it as default for modern. | |||
Potentially, we could split into Modern with CHACHA20 only, Intermediate with CHACHA20+AES* and Old (which would be the current intermediate). | |||
I suspect we'll do that after the next round of "commonly used distro upgrade" so that most have CHACHA20 support and able to follow moderm. Hopefully, third party clients such as Putty, JuiceSSH, etc. will also follow. |
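Review bot: the added reply under "=== Reply from kang ===" has no signature or timestamp, while the question above it ends with a user link and date; sign it with four tildes so the thread stays attributable. In "I added it as default for modern", "it" does not say which cipher was added; since the section asks about both aesX-gcm and aesX-ctr, name the cipher explicitly. The last added line also has "moderm" for "modern" and "and able to follow" is missing "are".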