Date: Tue, 11 Jul 2000 14:50:47 -0700 (PDT)
From: Kris Kennaway
To: Harold Gutch
Cc: Brett Glass, Dave, security@FreeBSD.ORG
Subject: Re: OpenSSH in 4.0 doesn't seem to work out of the box
In-Reply-To: <20000711210540.B17911@foobar.franken.de>

On Tue, 11 Jul 2000, Harold Gutch wrote:

> > P.S. -- I've always wondered why El Gamal wasn't one of the encryption
> > options, since it's unencumbered and already used in PGP.
>
> The ElGamal encryption algorithm I know of doubles the size of
> the plaintext; that's not really a problem with PGP, since the
> actual encryption algorithm uses a private key, which is
> transferred after being encrypted with a public key algorithm.

ITYM "session key" - RSA and DSA modes work by negotiating a session key
which is used with a conventional (symmetric) cipher to encrypt the bulk
data. I don't know much about El Gamal, but if it can negotiate a session
key then there's nothing preventing you from using it as a SSH2 key format
in the same way, except that no other clients or servers out there will
support you :-)

The real reason RSA is used in OpenSSH SSH1 mode is because that's what
was implemented in the SSH1 protocol, probably because it's the most
suitable public-key algorithm for the job.
SSH1 didn't allow for other algorithms, and SSH2, which does, uses DSA
(an algorithm which is patented but usable without restrictions) which
does everything you'd need.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
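
Added example, not part of the original message and not OpenSSH or PGP code: a sketch of the session-key idea discussed in this thread, with ElGamal wrapping a random session key (two group elements of output for one of input) while a symmetric cipher carries the bulk data at its original length. The modulus, generator, function names and the SHA-256 keystream standing in for a real cipher are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy parameters (assumption): P = 2**255 - 19 is prime, but this is not a
# vetted ElGamal group; sizes and the keystream below are for illustration only.
P = 2**255 - 19
G = 2
ELEM = 32  # bytes per group element

def keygen():
    """Return (private x, public h = G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def wrap_key(h, session_key):
    """ElGamal-encrypt a short session key; output is two group elements."""
    m = int.from_bytes(session_key, "big")
    if not 0 < m < P:
        raise ValueError("session key must encode to 1..P-1")
    k = secrets.randbelow(P - 3) + 2  # fresh ephemeral exponent per message
    c1, c2 = pow(G, k, P), (m * pow(h, k, P)) % P
    return c1.to_bytes(ELEM, "big") + c2.to_bytes(ELEM, "big")

def unwrap_key(x, wrapped, key_len):
    """Recover the session key: m = c2 * (c1^x)^-1 mod P."""
    c1 = int.from_bytes(wrapped[:ELEM], "big")
    c2 = int.from_bytes(wrapped[ELEM:], "big")
    inv = pow(pow(c1, x, P), P - 2, P)  # Fermat inverse, valid because P is prime
    return ((c2 * inv) % P).to_bytes(key_len, "big")

def stream_xor(key, data):
    """Stand-in symmetric cipher (unauthenticated): SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(h, plaintext):
    """Wrap a random 128-bit session key, then encrypt the bulk data with it."""
    session_key = secrets.token_bytes(16)
    return wrap_key(h, session_key), stream_xor(session_key, plaintext)

def hybrid_decrypt(x, wrapped, body):
    return stream_xor(unwrap_key(x, wrapped, 16), body)

if __name__ == "__main__":
    x, h = keygen()
    wrapped, body = hybrid_encrypt(h, b"bulk data " * 100)  # constructed input
    print(len(wrapped), len(body))  # fixed key overhead, body length unchanged
```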