Displaying 6 results from an estimated 6 matches for "no_spam_98".
2014 Mar 31
3
CTR mode
OpenSSH uses its own CTR mode implementation, correct? ?I seem to recall some discussion about why it hasn't/won't switch over to using OpenSSL's implementation, but I can't find the thread anymore.
So... why doesn't OpenSSH use OpenSSL's CTR mode implementation?
Thanks.
2014 Jan 30
2
CVE-2014-1692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692
The NIST advisory says that all versions of OpenSSH potentially contain the flaw. ?But is that really true? ?For example, I looked at the 3.8.1p1 distribution and didn't find any reference to JPAKE at all.
Thanks.
2013 Jun 19
1
OpenSSH and RFC 5114
I apologize up-front if this is the wrong list for this question.
Can OpenSSH be made to work with the MODP Groups in RFC 5114? ?The RFC itself makes a comment in section 3.4 that mentions that RFC 4419 extended the original SSH model to allow Diffie-Hellman parameters to be transmitted as part of the key exchange messages, but I'm not clear how that works with OpenSSH's moduli file.
Do
2013 May 23
1
Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?
I completely support this request. ?My organization is interested in supporting these public key algorithms to comply with NIST SP 800-131A too.
Jeff, it is my understanding that through RFC4419, OpenSSH can be support the Key Agreement Using Diffie-Hellman and MQV guidelines in SP 800-131A using the "diffie-hellman-group-exchange-sha256" method. ?Is that correct?
Thanks.
2014 Jan 30
0
CVE-2014-1692
<no_spam_98 <at> yahoo.com> writes:
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692
>
> The NIST advisory says that all versions of OpenSSH potentially contain
> the flaw. ?But is that really true? ?For example, I looked at the
> 3.8.1p1 distribution and didn'...
2014 Mar 31
0
CTR mode
On Mon, Mar 31, 2014 at 08:40:26AM -0700, no_spam_98 at yahoo.com wrote:
> OpenSSH uses its own CTR mode implementation, correct? ?I seem to
> recall some discussion about why it hasn't/won't switch over to using
> OpenSSL's implementation, but I can't find the thread anymore.
>
> So... why doesn't OpenSSH use Open...