Date: Mon, 12 Jan 2015 20:59:50 -0600 (CST)
From: Greg Rivers <gcr+freebsd-security@tharned.org>
To: Jonathan Anderson <jonathan@FreeBSD.org>, Benjamin Kaduk <kaduk@MIT.EDU>, Ondra Knezour <knezour@weboutsourcing.cz>, Zoran Kolic <zkolic@sbb.rs>, Paul Hoffman <paul.hoffman@vpnc.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Securing SSH
Message-ID: <alpine.BSF.2.11.1501122038470.9102@angus.tharned.org>
In-Reply-To: <54B45084.102@weboutsourcing.cz>
References: <alpine.BSF.2.11.1501111913310.9102@angus.tharned.org> <54B45084.102@weboutsourcing.cz>

On Sun, 11 Jan 2015, Jonathan Anderson wrote:

> I can't comment much on the elliptic-curve stuff, but I think it's a bit
> of a stretch to say that SHA-1 isn't safe for use in a KDF.

On Sun, 11 Jan 2015, Benjamin Kaduk wrote:

> The author also appears to not understand the difference between
> single-DES and triple-DES, so I would expect the value of that posting
> to be only as a brainstormed list of ideas to consider for further
> analysis.

On Mon, 12 Jan 2015, Ondra Knezour wrote:

> You may also want to consult The applied crypto hardening book draft at
> https://bettercrypto.org/ if you are looking for some "instant" security
> inspiration.

Thank you all for your informative replies. I suspected that the article
was a bit naive. Like many, I don't have a deep knowledge of cryptography,
so I appreciate your input. I thought it was worthwhile to ask and perhaps
generate some discussion about FreeBSD's default SSH configuration.

On Mon, 12 Jan 2015, Zoran Kolic wrote:

> In fact, you got answer on openbsd misc list.

On Mon, 12 Jan 2015, Paul Hoffman wrote:

> Can you point to that for the rest of us? I'd rather not wade in
> openbsd-misc....

It took a lot of searching to find, but I suspect he's talking about
<http://thread.gmane.org/gmane.os.openbsd.tech/40343/focus=219119>,
which fails parts 3 through 6 of the Boy Scout Law.

-- 
Greg