From owner-freebsd-questions Wed May 3 13:31:27 2000
From: naddy@mips.inka.de (Christian Weisgerber)
Subject: Re: OpenSSH algorithms
Date: 3 May 2000 22:27:06 +0200
Message-ID: <8eq22q$2kl8$1@bigeye.rhein-neckar.de>
References: <4.3.1.2.20000503140108.00b5e340@216.67.12.69>
To: freebsd-questions@freebsd.org

Forrest Aldrich wrote:

> Does our OpenSSH port only use the RSA algorithm? I didn't see any
> options to use other algorithms (idea, etc) which may be free from
> patent issues. This would be a good thing to have, IMHO, and would
> avoid all these other problems with RSA usage.
>
> Or did I miss something :)

Most importantly, you missed the distinction between asymmetric
encryption algorithms used for public key exchanges and symmetric
encryption used for most of the actual work.

The SSH1 protocol is fixed in its use of RSA for public keys. These
are used for authentication and to encrypt a temporary symmetric key.
The latter is used for actual data encryption during a session, since
the available symmetric encryption schemes are much faster.

SSH1 users can choose from a variety of symmetric encryption
algorithms. OpenSSH provides 3DES and Blowfish. IDEA was dropped
because it does suffer from patent issues.

The SSH2 protocol uses DSA for public keys. Apparently DSA is unencumbered.
The next release of OpenSSH (to be included in OpenBSD 2.7) will
support SSH2. FreeBSD's OpenSSH will be updated as soon as things
have stabilized on the OpenBSD side.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de
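
The split the reply describes (one public-key operation to deliver a temporary symmetric key, then symmetric encryption for all session data), as an added sketch that is not part of the original post and is not OpenSSH code or the SSH1 wire protocol. Assumptions: textbook RSA over two publicly known Mersenne primes and a SHA-256 counter keystream standing in for 3DES/Blowfish, both chosen only to keep the example dependency-free; all function names are hypothetical.

```python
import hashlib
import os

# Demo-only RSA key from two well-known Mersenne primes. Real keys use secret
# random primes and padded RSA, never textbook RSA as shown here.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def client_wrap_session_key(n, e):
    """Client: pick a temporary symmetric key and encrypt it to the server."""
    session_key = os.urandom(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped


def server_unwrap_session_key(wrapped, n, d):
    """Server: recover the session key using the private exponent."""
    return pow(wrapped, d, n).to_bytes(16, "big")


def stream_xor(key, seq, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    seq is the message number, so no keystream block is used twice.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        counter = seq.to_bytes(8, "big") + off.to_bytes(8, "big")
        pad = hashlib.sha256(key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def run_session(messages):
    """One RSA operation up front, then symmetric encryption per message."""
    client_key, wrapped = client_wrap_session_key(N, E)
    server_key = server_unwrap_session_key(wrapped, N, D)
    wire = [stream_xor(client_key, i, m) for i, m in enumerate(messages)]
    received = [stream_xor(server_key, i, c) for i, c in enumerate(wire)]
    return wire, received
```

The RSA key is touched once per session regardless of how much data follows, which is why the choice of symmetric cipher (3DES, Blowfish) is independent of the public-key algorithm.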