On Nov 9, 2004, at 10:26 PM, Chris Adams <cmadams at hiwaay.net> wrote:
> Message: 4
> Date: Tue, 9 Nov 2004 15:13:36 -0600
> From: Chris Adams <cmadams at hiwaay.net>
> Subject: Re: RedHat forks OpenSSH?
> To: openssh-unix-dev at mindrot.org
> Message-ID: <20041109211336.GC1429068 at hiwaay.net>
> Content-Type: text/plain; charset=us-ascii
[deletion for brevity]> I do have a question that it would be nice if someone could answer: why
> would I want to use CSS as a cipher in SSH? As I understand it, CSS is
> a fairly weak algorithm; why would I want to use a weak encryption
> method?
Inclusion in OpenSSH as opposed to OpenSSL? No clue.
However, since DVD decoding hardware is fairly ubiquitous, maybe there
is potential for OpenSSL-engine support to leverage hardware
acceleration for the ACSS cipher for everything in your system, and not
just a couple of DVD player apps. The last time I checked, hardware
crypto acceleration cards are expensive (the cheapest hifn based board
was around $100 if I remember correctly), and optimized for short SSL
web traffic. Also, relatively weak symmetric ciphers can be
strengthened by changing symmetric keys relatively more often.
> A different question: why are any of the ciphers being included in
> OpenSSH? I thought that's why OpenSSL was used (if not, why not just
> put all the ciphers in OpenSSH and not require OpenSSL?).
>
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
>
---
Jeremy McMillan
