Re: Strange crypto choices

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2018-05-25, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:

> The defaults for HostKeyAlgorithms option are: [...]
> Why does OpenSSH prefer older and less secure
> (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?

I asked Markus and Damien about this in the past but honestly don't
remember the answer.  Some of the potential reasons (lack of
standardization, no DNS fingerprint, ...) seem to no longer apply.
I've been wanting to hassle Markus and Damien about this again,
once I run into them in person, but that opportunity hasn't presented
itself yet.

> Also why are smaller key, curve and hash sizes preferred over bigger
> ones?

Reasonable trade-off between security and performance.

> The default ciphers are: [...]
> Why is CTR mode preferred over GCM?

GCM performs poorly without hardware support for carry-less
multiplication.

> The default MACs are: [...]
> Why is UMAC preferred over HMAC? UMAC is less widely known and does
> not have as much research done on its security as HMAC.

UMAC has a security proof and performs very well.

-- 
Christian "naddy" Weisgerber                          naddy@xxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux