[Cryptography] Crypto best practices
Ralf Senderek
crypto at senderek.ie
Wed Mar 15 14:43:41 EDT 2017
On Wed, 15 Mar 2017, Peter Gutmann wrote:
> AES-CTR, and by extension AES-GCM, have exactly the same problem, if you use
> them in their most straightforward modes where you memcpy() in a fixed or all-
> zero IV, you've got RC4 again.
In an attempt to enhance security the wise people at OpenSSH have changed
the defaults to only accept AES-CTR and AES-GCM in addition to some stuff
they've come up with themselves:
chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
This makes it hard for a standard-compliant ssh client implementation to
even talk to openssh servers without changing the defaults to include
AES-CBC mode. A great idea to fuel cryptographic progress.
--ralf
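Gutmann's point about a fixed or all-zero IV, as an added example that is not part of the original post or of OpenSSH: under AES-CTR, encrypting two messages with the same key and IV makes the XOR of the ciphertexts equal the XOR of the plaintexts (the keystream cancels, exactly as with a reused RC4 key), while distinct IVs do not. The key, messages and IVs are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ctrEncrypt encrypts plaintext with AES-CTR under key and a 16-byte IV.
func ctrEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// xorBytes returns a XOR b; both inputs must have the same length.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// KeystreamReused reports whether two equal-length CTR ciphertexts, made under
// the same key but possibly different IVs, leak p1 XOR p2. It is true exactly
// when the IVs are the same, because the two keystreams are then identical.
func KeystreamReused(key, iv1, iv2, p1, p2 []byte) bool {
	c1 := ctrEncrypt(key, iv1, p1)
	c2 := ctrEncrypt(key, iv2, p2)
	return bytes.Equal(xorBytes(c1, c2), xorBytes(p1, p2))
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key
	p1 := []byte("message number one")
	p2 := []byte("the second message")
	zeroIV := make([]byte, aes.BlockSize) // the memcpy()'d all-zero IV from the thread
	fmt.Println("fixed zero IV leaks p1 XOR p2:", KeystreamReused(key, zeroIV, zeroIV, p1, p2))
	iv1, iv2 := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	rand.Read(iv1) // fresh IV per message is what removes the leak
	rand.Read(iv2)
	fmt.Println("fresh random IVs leak p1 XOR p2:", KeystreamReused(key, iv1, iv2, p1, p2))
}
```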