Date: Mon, 30 Nov 2015 19:23:48 +0000 From: Brooks Davis <brooks@freebsd.org> To: Aaron Zauner <azet@azet.org> Cc: Dag-Erling Sm??rgrav <des@des.no>, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Dewayne Geraghty <dewaynegeraghty@gmail.com>, Benjamin Kaduk <kaduk@MIT.EDU> Subject: Re: OpenSSH HPN Message-ID: <20151130192348.GD81246@spindle.one-eyed-alien.net> In-Reply-To: <20151124212613.4ff9b25ea0@80601bfc61c7744> References: <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <CAGnMC6rMaY2a_F4qpxX4rB6n6n-tvijH74jxf8j94-2V8r_V8g@mail.gmail.com> <alpine.GSO.1.10.1511122120050.26829@multics.mit.edu> <86egfu9z0j.fsf@desk.des.no> <20151124212613.4ff9b25ea0@80601bfc61c7744>
next in thread | previous in thread | raw e-mail | index | archive | help
--GvXjxJ+pjyke8COw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote: > Hi, >=20 > Please forgive my ignorance but what's the reason FreeBSD ships > OpenSSH patched with HPN by default? Besides my passion for > security, I've been working in the HPC sector for a while and > benchmarked the patch for a customer about 1.5 years ago. The > CTR-multi threading patch is actually *slower* than upstream OpenSSH > with AES in CTR mode. GCM being, of course, the fastest mode on > AESNI plattforms. We never imported the AES bits as they were broken and AESNI was available. > The NULL mode is a security concern as some have noted, I can only > imagine that the window-scaling patch is of such importance? Both NULL and window-scaling were merged because both are useful in some environments. -- Brooks --GvXjxJ+pjyke8COw Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWXKJDAAoJEKzQXbSebgfASrgH/1p/MkvhO0k28KFPB9wE0eKG MwNfbV7LzVJNR7ZZPUZHbvuR4OS1XR497q9yHBEmcpwEDCMqPZazHrSsaam9z46N e1sUcbLzPE1qeWIiHZX4cDddTQZMDkK53Wb368doSPF04SO+FseJWBZi0N0UEcjI RdRXtGkqH4pjvUc9g7HgKrhGQuL8qTpym9QGkfqTla3JrOHYK92DqNU2VNQnDX5T /N3OsD9BprvoQo+rrjwMc0znODGpBFFaxY8LxyCNJFb8k4S69yhrSufoad3/sTFj Q+tPhl01pNKRBxfN0O5Zz1hrx1U36A5OcpNfhcImnK5nI8RfXvqP8cFzdqkgASc= =uiPE -----END PGP SIGNATURE----- --GvXjxJ+pjyke8COw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151130192348.GD81246>