Date:      Wed, 11 Nov 2015 11:22:22 -0800
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Daniel Kalchev <daniel@digsys.bg>
Cc:        Jason Birch <jbirch@jbirch.net>, Ben Woods <woodsb02@gmail.com>, Bryan Drewery <bdrewery@freebsd.org>, Dag-Erling Smørgrav <des@des.no>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: OpenSSH HPN
Message-ID:  <20151111192221.GS65715@funkthat.com>
In-Reply-To: <546376BD-A2E7-4B73-904E-4F33DD82401E@digsys.bg>
References:  <86io5a9ome.fsf@desk.des.no> <20151110175216.GN65715@funkthat.com> <56428C84.8050600@FreeBSD.org> <CAOc73CAHQ0FRPES7GrM6ckkWfgZCS3Se7GFUrDO4pR_EMVSvZQ@mail.gmail.com> <20151111075930.GR65715@funkthat.com> <CAA=KUhs9g9gajxwLFBgn2nNhnn4oQSZ56FRVC%2BPde4ZZO=g7Ug@mail.gmail.com> <546376BD-A2E7-4B73-904E-4F33DD82401E@digsys.bg>

Daniel Kalchev wrote this message on Wed, Nov 11, 2015 at 17:49 +0200:
> It is my understanding, that using the NONE cypher is not identical to using "the old tools" (rsh/rlogin/rcp).
> 
> When ssh uses the NONE cypher, credentials and authorization are still encrypted and verified. Only the actual data payload is not encrypted.

Except the point is that you ALREADY trust your network, so you don't
need to encrypt the credentials and authorizations, otherwise, why are
you running unencrypted payloads?

In fact, if you aren't running at least a MAC, or a final verify, and
you're transferring large amounts of data (multiple gigabytes), the data
can and will likely be corrupted...

See:
http://noahdavids.org/self_published/CRC_and_checksum.html

Having not used the NONE cipher, I don't know if the MAC is also
removed or not...  Either way, the MAC is still the long poll when
it comes to encryption w/ AES-NI...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



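Added example, not part of the original message: the point above about needing a MAC or a final verify on large transfers, shown with the 16-bit checksum TCP uses (RFC 1071). Two kinds of corruption leave that checksum unchanged, while a keyed MAC or an end-of-transfer digest catches both. The payload and key are constructed, and HMAC-SHA256 is an assumption standing in for whatever MAC an SSH session actually negotiates.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"          # constructed sample key
PAYLOAD = bytes(range(256)) * 4        # constructed 1 KiB sample payload


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (the TCP checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                 # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange two 16-bit words: the sum is order-independent."""
    w = list(struct.unpack(f"!{len(data) // 2}H", data))
    w[i], w[j] = w[j], w[i]
    return struct.pack(f"!{len(w)}H", *w)


def compensating_error(data: bytes, i: int, j: int, delta: int) -> bytes:
    """Add delta to word i and subtract it from word j: the sum is unchanged."""
    w = list(struct.unpack(f"!{len(data) // 2}H", data))
    if w[i] + delta > 0xFFFF or w[j] - delta < 0:
        raise ValueError("delta would overflow a word")
    w[i], w[j] = w[i] + delta, w[j] - delta
    return struct.pack(f"!{len(w)}H", *w)


def verdicts(sent: bytes, received: bytes, key: bytes = KEY) -> dict:
    """What each integrity check concludes about the received data."""
    mac = lambda d: hmac.new(key, d, hashlib.sha256).digest()
    return {
        "data_changed": sent != received,
        "tcp_checksum_ok": internet_checksum(sent) == internet_checksum(received),
        "mac_ok": hmac.compare_digest(mac(sent), mac(received)),
        "final_digest_ok": hashlib.sha256(sent).digest() == hashlib.sha256(received).digest(),
    }


if __name__ == "__main__":
    for name, bad in (("swapped words", swap_words(PAYLOAD, 0, 1)),
                      ("compensating error", compensating_error(PAYLOAD, 2, 3, 0x0100))):
        print(name, verdicts(PAYLOAD, bad))
```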