Date: Tue, 24 Nov 2015 21:29:44 +0100 From: Aaron Zauner <azet@azet.org> To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no> Cc: Benjamin Kaduk <kaduk@MIT.EDU>, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Dewayne Geraghty <dewaynegeraghty@gmail.com> Subject: Re: OpenSSH HPN Message-ID: <20151124212613.4ff9b25ea0@80601bfc61c7744> In-Reply-To: <86egfu9z0j.fsf@desk.des.no> References: <56428F59.5010908@FreeBSD.org> <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <CAGnMC6rMaY2a_F4qpxX4rB6n6n-tvijH74jxf8j94-2V8r_V8g@mail.gmail.com> <alpine.GSO.1.10.1511122120050.26829@multics.mit.edu> <86egfu9z0j.fsf@desk.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Hi, Please forgive my ignorance but what's the reason FreeBSD ships OpenSSH patched with HPN by default? Besides my passion for security, I've been working in the HPC sector for a while and benchmarked the patch for a customer about 1.5 years ago. The CTR-multi threading patch is actually *slower* than upstream OpenSSH with AES in CTR mode. GCM being, of course, the fastest mode on AESNI plattforms. The NULL mode is a security concern as some have noted, I can only imagine that the window-scaling patch is of such importance? Thanks, Aaron --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWVMi2AAoJEOTbZJL9ubXVrCUQAOrENcA7FCWx7zONIjZWy0iq Q4rdk1vZmew7JD8M4pJ4EQLi86RqtLcZOYOX311n2Myj78oQfkaKG/0wkGkBSm3B MXIrmeY3fP0YJWYaB/NIhV0tC5sQ4sanQIhLSniu1hmYuCZi8Qvp9MbQeGhcLSFF cY7HKWZ3xmo3d994APe8VOYsekVRk0Cp3+3R2nPBcqbZZmLep++3avPBDWpqMVxf 7lDwPvcF7U9pSs/fQZ4Wz5JX98vyYCW16atMaA1VPyay0uaIhKEEiuiKbh0iyEnl DC8/6IT3YBd54BOmgqByKWHW5l8KS1CUbk91potLkW56rTPHqjF9H6VcefQPzzGn 68bve655W0IUU4LGPfwjMc9g8GPE4cxY7MX2eYU8qC1aIPRH/i16oamvkeclCtEQ XgaHPAmqV8vDVa/P+THQlC7lIje8c3b79k6HQe4MmoRZr4impxjs2Gzy2rZJ9pgj we64Z7SjI76oq5q/nmGVJZChneXSdf/VV9lrEo/odrZTjQW9twuENJVwh8trDyPz L6WTwJ1dWX9GjG1i19OnGZCoE/5N9NlTNuiUThc4U/xESaMxc53nEIfB5+40nIhv x3sKaN0wqeUunCJ7XCxLkzu0g8FPPS3XrHIFlLcISpn5cjJCB/09UdclUS+zKR01 PFb2fGazLpJX3/Lx6fXc =jJSH -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151124212613.4ff9b25ea0>