From owner-freebsd-security@freebsd.org  Tue Nov 24 20:29:49 2015
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E5FA5A35B4A
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Tue, 24 Nov 2015 20:29:48 +0000 (UTC) (envelope-from azet@azet.org)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com
 [IPv6:2a00:1450:400c:c09::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6E0EA1CE1
 for <freebsd-security@freebsd.org>; Tue, 24 Nov 2015 20:29:48 +0000 (UTC)
 (envelope-from azet@azet.org)
Received: by wmuu63 with SMTP id u63so112385232wmu.0
 for <freebsd-security@freebsd.org>; Tue, 24 Nov 2015 12:29:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=azet.org; s=gmail;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=I1cjIwDum00Mtr6ITLCfRGXXhMOZJ5ev+9VdLbjCSgc=;
 b=H3x3fQmoEDnW6UVpdrqOlOeJsUOFrxQgZxf7Qnyc4Ibgv9Iz6vEuRtzIximexPOzv1
 o+YuW725Yg+vc4bHH3dY/AzEVxqL0S5y9fJN0QRe3b4UZGdvyElbBayKyZv7r2BQDwlT
 Eszgj4r9zeAuxLhsXQjtToGaYOa3KZDFMbkHA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-type:content-disposition:in-reply-to
 :user-agent;
 bh=I1cjIwDum00Mtr6ITLCfRGXXhMOZJ5ev+9VdLbjCSgc=;
 b=a7W+nvh1v2sY7o2jRuk0EmE0y/Rr0MKtbYt+l1ntf9/x4eJqtrTAInsqCrDFC1soxU
 M9CgP41J6gMLCv2z+cQ27+nkcBxFuZjyyTK/o5v9tNUL68U4COS59u3TNBEltCMVuq4q
 IUu2J534eVh7zZIEskywarts/SthB4hQA3zgEl9KAHSxb4rjCXMCYu5gUjh7y6DXmoNv
 cGtdM2ksu3+PKfugdyhRd1YyyaiIcHlzUIOTCjavqezE0KdBQLfZKkfMKQU7fTlhNN/A
 GuyJRXb3xhFShZqjiOEPjqBpcTGxdU49ExAuBD9XI7+gFoX8j1cjNROBHu2MwEAVvKrm
 X+3Q==
X-Gm-Message-State: ALoCoQlmX4yg+X6Dzh5xbSV9Mfo60fEldxAb62c5yCrgKOmDE1eBTjYHIEAP4zUzOc4/qlLG2+o3
X-Received: by 10.194.21.170 with SMTP id w10mr45287780wje.29.1448396986639;
 Tue, 24 Nov 2015 12:29:46 -0800 (PST)
Received: from typhoon.azet.org (chello080108049181.14.11.vie.surfer.at.
 [80.108.49.181])
 by smtp.gmail.com with ESMTPSA id bh6sm8839555wjb.0.2015.11.24.12.29.44
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 24 Nov 2015 12:29:45 -0800 (PST)
Date: Tue, 24 Nov 2015 21:29:44 +0100
From: Aaron Zauner <azet@azet.org>
To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>
Cc: Benjamin Kaduk <kaduk@MIT.EDU>, freebsd-security@freebsd.org,
 freebsd-current@freebsd.org, Dewayne Geraghty <dewaynegeraghty@gmail.com>
Subject: Re: OpenSSH HPN
Message-ID: <20151124212613.4ff9b25ea0@80601bfc61c7744>
References: <56428F59.5010908@FreeBSD.org> <86y4e47uty.fsf@desk.des.no>
 <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no>
 <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no>
 <20151111184448.GR31314@zxy.spb.ru>
 <CAGnMC6rMaY2a_F4qpxX4rB6n6n-tvijH74jxf8j94-2V8r_V8g@mail.gmail.com>
 <alpine.GSO.1.10.1511122120050.26829@multics.mit.edu>
 <86egfu9z0j.fsf@desk.des.no>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7"
Content-Disposition: inline
In-Reply-To: <86egfu9z0j.fsf@desk.des.no>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2015 20:29:49 -0000


--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

Hi,

Please forgive my ignorance but what's the reason FreeBSD ships
OpenSSH patched with HPN by default? Besides my passion for
security, I've been working in the HPC sector for a while and
benchmarked the patch for a customer about 1.5 years ago. The
CTR-multi threading patch is actually *slower* than upstream OpenSSH
with AES in CTR mode. GCM being, of course, the fastest mode on
AESNI plattforms.

The NULL mode is a security concern as some have noted, I can only
imagine that the window-scaling patch is of such importance?

Thanks,
Aaron

--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWVMi2AAoJEOTbZJL9ubXVrCUQAOrENcA7FCWx7zONIjZWy0iq
Q4rdk1vZmew7JD8M4pJ4EQLi86RqtLcZOYOX311n2Myj78oQfkaKG/0wkGkBSm3B
MXIrmeY3fP0YJWYaB/NIhV0tC5sQ4sanQIhLSniu1hmYuCZi8Qvp9MbQeGhcLSFF
cY7HKWZ3xmo3d994APe8VOYsekVRk0Cp3+3R2nPBcqbZZmLep++3avPBDWpqMVxf
7lDwPvcF7U9pSs/fQZ4Wz5JX98vyYCW16atMaA1VPyay0uaIhKEEiuiKbh0iyEnl
DC8/6IT3YBd54BOmgqByKWHW5l8KS1CUbk91potLkW56rTPHqjF9H6VcefQPzzGn
68bve655W0IUU4LGPfwjMc9g8GPE4cxY7MX2eYU8qC1aIPRH/i16oamvkeclCtEQ
XgaHPAmqV8vDVa/P+THQlC7lIje8c3b79k6HQe4MmoRZr4impxjs2Gzy2rZJ9pgj
we64Z7SjI76oq5q/nmGVJZChneXSdf/VV9lrEo/odrZTjQW9twuENJVwh8trDyPz
L6WTwJ1dWX9GjG1i19OnGZCoE/5N9NlTNuiUThc4U/xESaMxc53nEIfB5+40nIhv
x3sKaN0wqeUunCJ7XCxLkzu0g8FPPS3XrHIFlLcISpn5cjJCB/09UdclUS+zKR01
PFb2fGazLpJX3/Lx6fXc
=jJSH
-----END PGP SIGNATURE-----

--fdj2RfSjLxBAspz7--