[Cryptography] Crypto best practices

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 15 19:04:06 EDT 2017


Ralf Senderek <crypto at senderek.ie> writes:

>In an attempt to enhance security the wise people at OpenSSH have changed the
>defaults to only accept AES-CTR and AES-GCM in addition to some stuff they've
>come up themselves:
>
>chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
>
>This makes it hard for a standards-compliant ssh client implementation to even
>talk to openssh servers without changing the defaults to include AES-CBC mode.
>A great idea to fuel cryptographic progress.

It actually diminishes security because it makes it impossible to connect to
an OpenSSH server using a standards-compliant implementation.  My code now
checks for this and returns an error message about OpenSSH being non-compliant
with the core SSH RFCs and sorry, I can't connect to that.  Which is
kinda crazy, that the de facto reference server implementation isn't compliant
with the standard that it's used as the reference for, unless you specifically
reconfigure it to work properly.

Peter.
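Worked example, added here and not code from either poster or from OpenSSH: it applies the RFC 4253 section 7.1 negotiation rule (first algorithm in the client's preference order that the server also lists) to the default list quoted above, from the viewpoint of a client that offers only the CBC ciphers named in the core RFCs. The client list is constructed; the server list is the quoted one with the mailing-list " at " obfuscation restored to "@".

```python
from typing import List, Optional

# Server list as quoted in the message above (OpenSSH defaults), with the
# list archive's " at " rewritten back to "@".
OPENSSH_DEFAULT_CIPHERS = (
    "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,"
    "aes128-gcm@openssh.com,aes256-gcm@openssh.com"
)

# Constructed client list: the ciphers RFC 4253 section 6.3 names as
# REQUIRED (3des-cbc) and RECOMMENDED (aes128-cbc), plus aes256-cbc.
# All are CBC mode, which is exactly what the default list above omits.
RFC_ONLY_CLIENT_CIPHERS = "aes256-cbc,aes128-cbc,3des-cbc"


def parse_name_list(name_list: str) -> List[str]:
    """Split an SSH name-list (RFC 4251 section 5): comma-separated,
    no spaces, and the empty string means an empty list."""
    if name_list == "":
        return []
    names = name_list.split(",")
    if any(n == "" or " " in n for n in names):
        raise ValueError("malformed name-list: %r" % name_list)
    return names


def negotiate(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 section 7.1: the chosen algorithm is the first one on the
    client's list that is also on the server's list; None means failure."""
    server = set(parse_name_list(server_list))
    for name in parse_name_list(client_list):
        if name in server:
            return name
    return None


def compliance_report(server_list: str) -> dict:
    """What an RFC-only client learns from a server's cipher name-list:
    whether any RFC-named cipher is negotiable, whether any CBC cipher is
    offered at all, and which vendor ('@domain') names the server advertises."""
    server = parse_name_list(server_list)
    return {
        "rfc_cipher_negotiable": negotiate(RFC_ONLY_CLIENT_CIPHERS, server_list),
        "offers_cbc": any(n.endswith("-cbc") for n in server),
        "vendor_extensions": [n for n in server if "@" in n],
    }


if __name__ == "__main__":
    print(compliance_report(OPENSSH_DEFAULT_CIPHERS))
```

With the default list the report shows no negotiable RFC cipher and no CBC mode at all, which is the failure the message describes; adding `aes128-cbc` to the server's Ciphers list makes `negotiate` succeed.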

