search for: cc20

Have people given thought to the private key encryption methods in light of potential quantum attacks? While the recent paper about breaking 50bit RSA doesn't pose a threat I've been thinking about future harvest now, decrypt later attacks against CC20 and AES. Are there post quantum ciphers that can effectively replace these available or in development? Is the threat still too far off to be a serious concern? Just curious about people's thoughts from a practical and dev perspective. Chris

...4, Chris Rapier wrote: > Have people given thought to the private key encryption methods in light of > potential quantum attacks? While the recent paper about breaking 50bit RSA > doesn't pose a threat I've been thinking about future harvest now, decrypt > later attacks against CC20 and AES. Are there post quantum ciphers that can > effectively replace these available or in development? Is the threat still > too far off to be a serious concern? Grover's search algorithm gives a cryptographically-relevant quantum computer a quadratic speedup. This effectively halves...

On Fri, 9 Jun 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until

...so it will be resistant against terrapin even without the strict-kex. > > Consequently the hmac-etmv2 at openssh.com mode could be deviced in a similar manner, to > also include the transcript hash or similar things. > > The impact of removing the only "alternative" cipher cc20p1305 because of terrapin hardening as well > as falling back to the old eam-macs is really bad for ssh best practice. And while "enforce strict-key" > could gain some of the trust back, the attack also shows, that those constructs are just very fragile. > > And while a redesig...