Hello Gordon,
On Wed, 2016-10-19 at 10:31 -0700, Gordon Messmer wrote:
> On 10/19/2016 08:30 AM, Leonard den Ottolander wrote:
> > Where did you get the idea that AES (~ Rijndael) is a weak cipher?
>
>
> It's not the cipher, but the mode. CBC has several known weaknesses in
> TLS, and is frequently regarded as potentially insecure as a result.
>
> https://www.openssl.org/~bodo/tls-cbc.txt
According to that document those issues are solved in the TLS 1.1
specification. It also indicates that issues 1) and 2) do not exist in
OpenSSL since 0.9.6i and 0.9.6e respectively, and that OpenSSL's TLS 1.0
implementation handles padding correctly, so issue 3) doesn't exist in
OpenSSL either.
However, I see that the OpenSSH developers have decided to disable CBC
algorithms in 6.7. Not sure what their rationale is, as from the document
you mention I grasp that these issues can be fixed by correctly padding
the message and adding one extra random block before the message ("front
padding").
Personally I would be more concerned whether or not to enable ECDSA
algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
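As an added illustration of the chained-IV weakness the thread is discussing (this is example code written for this page, not code from the thread, from OpenSSL or from OpenSSH): in TLS 1.0 the IV for each CBC record is the last ciphertext block of the previous record, so an attacker who can get the peer to encrypt a chosen block can test a guess for an earlier plaintext block. The program below models that record layer with AES-128 and shows the guess-confirmation check succeeding against plain chaining and failing once one random "front padding" block is prepended to every record, since the block that actually masks the chosen plaintext is then an unpredictable ciphertext block. The `sender`, `confirmGuess` and `scenario` names are this example's own; plaintexts are assumed to be whole 16-byte blocks so TLS padding is left out, and the secret and request strings are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const bs = aes.BlockSize

// sender models a TLS 1.0-style CBC record layer: the IV of each record is the
// last ciphertext block of the previous record, so it is on the wire before the
// next plaintext is chosen. With frontPad set, one random block is prepended to
// every record ("front padding"), so the block that masks the first message
// block is a ciphertext block the attacker could not predict in advance.
type sender struct {
	block    cipher.Block
	lastCT   []byte // last ciphertext block sent; doubles as the next record's IV
	frontPad bool
}

func newSender(key []byte, frontPad bool) (*sender, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, bs) // initial IV; in TLS it comes from the key block
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return &sender{block: block, lastCT: iv, frontPad: frontPad}, nil
}

// encryptRecord CBC-encrypts a block-aligned plaintext (assumption: no TLS
// padding, to keep the focus on the IV) and chains the last ciphertext block.
func (s *sender) encryptRecord(msg []byte) []byte {
	if len(msg)%bs != 0 {
		panic("plaintext must be block-aligned in this example")
	}
	pt := msg
	if s.frontPad {
		front := make([]byte, bs) // the extra random block before the message
		if _, err := rand.Read(front); err != nil {
			panic(err)
		}
		pt = append(front, msg...)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(s.block, s.lastCT).CryptBlocks(ct, pt)
	s.lastCT = append([]byte(nil), ct[len(ct)-bs:]...)
	return ct
}

// wireIV is what a passive observer learns: the IV of the next record.
func (s *sender) wireIV() []byte { return append([]byte(nil), s.lastCT...) }

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// confirmGuess is the chosen-plaintext test: targetCT is the ciphertext of an
// earlier block that CBC masked with prevCT. The attacker has the sender
// encrypt X = guess ^ prevCT ^ wireIV. If the IV really is wireIV, the sender
// computes E(X ^ wireIV) = E(guess ^ prevCT), which equals targetCT exactly
// when the guess was right. The attacker's block is the last one of the record.
func confirmGuess(s *sender, targetCT, prevCT, guess []byte) bool {
	x := xor(xor(guess, prevCT), s.wireIV())
	ct := s.encryptRecord(x)
	return bytes.Equal(ct[len(ct)-bs:], targetCT)
}

// scenario sends a record carrying a 16-byte secret, then lets the attacker
// test a right and a wrong guess against it. Returns whether each was confirmed.
func scenario(frontPad bool) (rightConfirmed, wrongConfirmed bool) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, err := newSender(key, frontPad)
	if err != nil {
		panic(err)
	}
	s.encryptRecord([]byte("GET /index.html ")) // earlier record puts the chained IV on the wire

	secret := []byte("session=ABCDEFGH") // constructed 16-byte secret block
	ivUsed := s.wireIV()
	ct := s.encryptRecord(secret)
	targetCT := ct[len(ct)-bs:] // the secret's ciphertext is the record's last block
	prevCT := ivUsed            // block that masked it: the previous record's last block ...
	if frontPad {
		prevCT = ct[len(ct)-2*bs : len(ct)-bs] // ... or the random front block's ciphertext
	}
	rightConfirmed = confirmGuess(s, targetCT, prevCT, secret)
	wrongConfirmed = confirmGuess(s, targetCT, prevCT, []byte("session=ZZZZZZZZ"))
	return rightConfirmed, wrongConfirmed
}

func main() {
	for _, fp := range []bool{false, true} {
		r, w := scenario(fp)
		fmt.Printf("frontPad=%v: right guess confirmed=%v, wrong guess confirmed=%v\n", fp, r, w)
	}
}
```

With plain chaining the right guess is confirmed and the wrong one rejected, which is the oracle the chosen-plaintext attack is built on; with one random block in front of every record the attacker's prediction of the masking block is wrong, so the check fails for both guesses (a false positive would require the random block's ciphertext to collide with a specific 128-bit value). Front padding is the mitigation the message mentions; the TLS 1.1 fix is the same idea made explicit, with a per-record IV carried in the record.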