openSSH w/out openSSL

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



All,

I looked into compiling openSSH w/out openSSL and discovered it
would not save the ed25519 key if it contained a passphrase. Debugging
revealed the code is using the DEFAULT_CIPHERNAME = aes256-cbc, but
the availble ciphers w/out openSSL are of the aes*-ctr types.
Changing DEFAULT_CIPHERNAME = aes256-ctr in sshkey.c fixed the problem.
[1] has some discussion regarding aes256-cbc vs aes256-ctr but would
like another opinion on whether those points are valid(or references
to journal papers discussing the differences). Are there
reasons the default is set to aes256-cbc from a security standpoint?

If this is a valid fix, please push it upstream.

-- rick

[1] https://crypto.stackexchange.com/questions/18538/aes256-cbc-vs-aes256-ctr-in-ssh

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux