Date:      Wed, 3 Oct 2001 22:14:21 -0400
From:      Zvezdan Petkovic <zvezdan@CS.WM.EDU>
To:        security@FreeBSD.ORG
Subject:   Re: default cipher types in openssh
Message-ID:  <20011003221421.A28053@dali.cs.wm.edu>
In-Reply-To: <20011004011840.74747.qmail@web13904.mail.yahoo.com>; from caitlen888@yahoo.com on Wed, Oct 03, 2001 at 06:18:40PM -0700
References:  <20011004011840.74747.qmail@web13904.mail.yahoo.com>

On Wed, Oct 03, 2001 at 06:18:40PM -0700, Caitlen wrote:
> I've noticed that openssh, even when connecting with
> protocol 2, seems to default to 3des.  While that's a
> pretty conservative stance, isn't AES256 a little more
> secure?  The order of preference seems to be a little
> off.

It obviously depends on the version of OpenSSH. My OpenBSD and Linux
systems both give:

zvezdan:7$ ssh -v <somehost>
OpenSSH_2.9.9, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
<snip>
...
</snip>
debug1: Local version string SSH-2.0-OpenSSH_2.9.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
<snip>
...
</snip>

As you can see, it uses AES.

Unfortunately, I can't test on the FreeBSD right now since it doesn't
support my laptop's Linksys PCMLM56 Ethernet/Modem multifunction PCMCIA
card. I can use FreeBSD only with my wireless Orinoco card when I'm at
work. :-)

Frankly, the default version in the 4.4-release is 2.3.0 which is _old_.
Ports have 2.9 but that one became old recently after a security
advisory from OpenSSH. I updated immediately to 2.9.9.

> For example.
> 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
> 

"man ssh" on my system gives:
    ...
     Ciphers
                  Specifies the ciphers allowed for protocol version 2
                  in order of preference.  Multiple ciphers must be
                  comma-separated.  The default is
                  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
                  aes192-cbc,aes256-cbc''
    ...

> 
> Now I'm not suggesting we remove all of the other
> cipher types except for AES, that would certainly
> backwards compatibility.  I am however suggesting that
> we should have some open discussion on the order of
> preference here.  Certainly arcfour should not be
> listed as being more preferable than AES.
> Personally I think it should be something along the
> lines of.  
> 

According to the above we just need to update the stable branch to
2.9.9, or at least the port (which seems to be on the way).
Other people probably know what would be a better solution.

Best regards,
-- 
Zvezdan Petkovic <zvezdan@cs.wm.edu>
http://www.cs.wm.edu/~zvezdan/
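
Added example, not part of the original message: why the client's cipher order decides the outcome discussed in this thread. Under the SSH transport protocol (RFC 4253, section 7.1) the chosen cipher is the first name on the client's list that the server also supports; the server list and the `unwanted` policy below are assumptions, and the parser handles only the `debug1: kex:` line format quoted in the message.

```python
import re

# Client cipher preference lists quoted in the thread.
OLD_CLIENT = ("3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,"
              "aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,"
              "rijndael256-cbc,rijndael-cbc@lysator.liu.se")
NEW_CLIENT = ("aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,"
              "aes192-cbc,aes256-cbc")
# Assumed server list, constructed for this example (AES256 listed first).
SERVER = "aes256-cbc,aes128-cbc,3des-cbc,blowfish-cbc"

# The kex lines from the ssh -v session quoted in the message.
SAMPLE = """debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
"""

KEX_LINE = re.compile(
    r"^debug1: kex: (server->client|client->server) (\S+) (\S+) (\S+)$")


def negotiate(client_list, server_list):
    """Return the first client-preferred cipher the server also offers."""
    offered = set(server_list.split(","))
    for name in client_list.split(","):
        if name in offered:
            return name
    return None  # no common cipher: key exchange fails


def negotiated_from_debug(text):
    """Map direction -> (cipher, mac, compression) from ssh -v output."""
    result = {}
    for line in text.splitlines():
        match = KEX_LINE.match(line.strip())
        if match:
            result[match.group(1)] = match.groups()[1:]
    return result


def audit(text, unwanted=("3des-cbc", "arcfour")):
    """List directions whose negotiated cipher is in the assumed policy."""
    found = negotiated_from_debug(text)
    return sorted(d for d, (cipher, _, _) in found.items() if cipher in unwanted)


if __name__ == "__main__":
    print("old client list ->", negotiate(OLD_CLIENT, SERVER))
    print("new client list ->", negotiate(NEW_CLIENT, SERVER))
    print("flagged directions:", audit(SAMPLE))
```

The server's own ordering never changes the result here, so reordering the client default (or setting `Ciphers` explicitly) is what moves a connection off 3des.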
