Date: Thu, 4 Oct 2001 12:23:45 +0200 From: Markus Friedl <markus@Openbsd.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Peter Pentchev <roam@ringlet.net>, Zvezdan Petkovic <zvezdan@CS.WM.EDU>, security@FreeBSD.ORG, openssh@Openbsd.org Subject: Re: default cipher types in openssh Message-ID: <20011004122345.A18375@faui02.informatik.uni-erlangen.de> In-Reply-To: <20011004024425.A47260@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Oct 04, 2001 at 02:44:26AM -0700 References: <20011004011840.74747.qmail@web13904.mail.yahoo.com> <20011003221421.A28053@dali.cs.wm.edu> <20011004104839.A1959@ringworld.oblivion.bg> <20011004024425.A47260@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 04, 2001 at 02:44:26AM -0700, Kris Kennaway wrote: > On Thu, Oct 04, 2001 at 10:48:39AM +0300, Peter Pentchev wrote: > > On Wed, Oct 03, 2001 at 10:14:21PM -0400, Zvezdan Petkovic wrote: > > > According to the above we just need to update the stable branch to > > > 2.9.9, or at least the port (which seems to be on the way). > > > Other people probably know what would be better solution. > > > > -STABLE is at 2.9.0 as of September 28th. It seems to use AES128 now, too. > > Hmm, I didn't even know it could do that :) > > Someone needs to update the usage message for ssh: > > -c cipher Select encryption algorithm: ``3des'', ``blowfish'' the ssh binary says: -c cipher Select encryption algorithm the manpage says: -c blowfish|3des|des Selects the cipher to use for encrypting the session. 3des is used by default. It is believed to be secure. 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. blowfish is a fast block cipher, it appears very secure and is much faster than 3des. des is only supported in the ssh client for interoperability with legacy protocol 1 implementations that do not support the 3des cipher. Its use is strongly discouraged due to cryptographic weaknesses. -c cipher_spec Additionally, for protocol version 2 a comma-separated list of ciphers can be specified in order of preference. See Ciphers for more information. perhaps we should merge the 2 entries. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004122345.A18375>