>>>>> "DM" == Damien Miller <djm at mindrot.org> writes: DM> Lots of cryptographers also think that AES-GCM is fiendishly difficult DM> to get right, especially wrt timing leaks. That, and it's relative DM> newness in OpenSSH are the reasons it is not the default. Indeed, I should have added a paragraph about that. My understanding is that the consensus is that openssl has fixed the early bugs in its implementation and gcm therefore is safe enough to promote. -JimC -- James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
