Date: Tue, 1 Dec 2015 12:33:58 +0800 From: Julian Elischer <julian@freebsd.org> To: Brooks Davis <brooks@freebsd.org>, Aaron Zauner <azet@azet.org> Cc: Dag-Erling Sm??rgrav <des@des.no>, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Dewayne Geraghty <dewaynegeraghty@gmail.com>, Benjamin Kaduk <kaduk@MIT.EDU> Subject: Re: OpenSSH HPN Message-ID: <565D2336.60505@freebsd.org> In-Reply-To: <20151130192348.GD81246@spindle.one-eyed-alien.net> References: <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <CAGnMC6rMaY2a_F4qpxX4rB6n6n-tvijH74jxf8j94-2V8r_V8g@mail.gmail.com> <alpine.GSO.1.10.1511122120050.26829@multics.mit.edu> <86egfu9z0j.fsf@desk.des.no> <20151124212613.4ff9b25ea0@80601bfc61c7744> <20151130192348.GD81246@spindle.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/12/2015 3:23 AM, Brooks Davis wrote: > On Tue, Nov 24, 2015 at 09:29:44PM +0100, Aaron Zauner wrote: >> Hi, >> >> Please forgive my ignorance but what's the reason FreeBSD ships >> OpenSSH patched with HPN by default? Besides my passion for >> security, I've been working in the HPC sector for a while and >> benchmarked the patch for a customer about 1.5 years ago. The >> CTR-multi threading patch is actually *slower* than upstream OpenSSH >> with AES in CTR mode. GCM being, of course, the fastest mode on >> AESNI plattforms. > We never imported the AES bits as they were broken and AESNI was > available. > >> The NULL mode is a security concern as some have noted, I can only >> imagine that the window-scaling patch is of such importance? > Both NULL and window-scaling were merged because both are useful in some > environments. yeah but Null was just unmerged. window scaling is also on the block I think > > -- Brooks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?565D2336.60505>