From: Zvezdan Petkovic
To: security@FreeBSD.ORG
Date: Wed, 3 Oct 2001 22:14:21 -0400
Subject: Re: default cipher types in openssh

On Wed, Oct 03, 2001 at 06:18:40PM -0700, Caitlen wrote:
> I've noticed that openssh, even when connecting with
> protocol 2, seems to default to 3des. While that's a
> pretty conservative stance, isn't AES256 a little more
> secure? The order of preference seems to be a little
> off.

It obviously depends on the version of OpenSSH.
My OpenBSD and Linux systems both give:

    zvezdan:7$ ssh -v
    OpenSSH_2.9.9, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
    ...
    debug1: Local version string SSH-2.0-OpenSSH_2.9.9
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    ...

As you can see, it uses AES.

Unfortunately, I can't test on FreeBSD right now since it doesn't
support my laptop's Linksys PCMLM56 Ethernet/Modem multifunction PCMCIA
card. I can use FreeBSD only with my wireless Orinoco card when I'm at
work. :-)

Frankly, the default version in the 4.4-release is 2.3.0, which is _old_.
Ports have 2.9, but that one became old recently after a security
advisory from OpenSSH. I updated immediately to 2.9.9.

> For example.
> 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
>

"man ssh" on my system gives:

    ...
    Ciphers
            Specifies the ciphers allowed for protocol version 2 in order
            of preference. Multiple ciphers must be comma-separated. The
            default is
            ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
            aes192-cbc,aes256-cbc''
    ...

>
> Now I'm not suggesting we remove all of the other
> cipher types except for AES, that would certainly
> backwards compatibility. I am however suggesting that
> we should have some open discussion on the order of
> preference here. Certainly arcfour should not be
> listed as being more preferable than AES.
> Personally I think it should be something along the
> lines of.
>

According to the above, we just need to update the stable branch to
2.9.9, or at least the port (which seems to be on the way).
Other people probably know what would be a better solution.

Best regards,
--
Zvezdan Petkovic
http://www.cs.wm.edu/~zvezdan/
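
The effect of the preference order discussed in this thread, as an added example that is not part of the original message and not OpenSSH code: in SSH protocol 2 each direction uses the first cipher on the client's list that the server also offers, so the position of aes128-cbc relative to 3des-cbc decides what is negotiated. The server list is an assumption and the function names are illustrative.

```python
"""Added illustration, not code from the thread or from OpenSSH."""

# The 3des-first list quoted in the message.
OLD_CLIENT = ("3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,"
              "aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,"
              "rijndael256-cbc,rijndael-cbc@lysator.liu.se")
# The default from the "man ssh" excerpt in the message.
NEW_CLIENT = ("aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,"
              "aes192-cbc,aes256-cbc")
# Assumption: the server offers the same set as the man-page default.
SERVER = NEW_CLIENT

# Sample input: the two kex lines from the ssh -v output in the message.
SAMPLE_DEBUG = """\
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
"""


def parse_name_list(value):
    """Split a comma-separated Ciphers value, dropping blanks and repeats."""
    seen, names = set(), []
    for name in (n.strip() for n in value.split(",")):
        if name and name not in seen:
            seen.add(name)
            names.append(name)
    return names


def negotiate(client, server):
    """First cipher on the client's list that the server also offers.

    Only the client's order matters; the server's order is ignored.
    Returns None when the lists share nothing (the connection would fail).
    """
    offered = set(parse_name_list(server))
    return next((n for n in parse_name_list(client) if n in offered), None)


def negotiated_from_debug(output):
    """Map direction -> cipher from the 'debug1: kex:' lines of ssh -v."""
    result = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[:2] == ["debug1:", "kex:"]:
            result[parts[2]] = parts[3]
    return result


if __name__ == "__main__":
    print("3des-first client:", negotiate(OLD_CLIENT, SERVER))
    print("aes-first client: ", negotiate(NEW_CLIENT, SERVER))
    print("seen in ssh -v:   ", negotiated_from_debug(SAMPLE_DEBUG))
```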