search for: no_spam_98

OpenSSH uses its own CTR mode implementation, correct? ?I seem to recall some discussion about why it hasn't/won't switch over to using OpenSSL's implementation, but I can't find the thread anymore. So... why doesn't OpenSSH use OpenSSL's CTR mode implementation? Thanks.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692 The NIST advisory says that all versions of OpenSSH potentially contain the flaw. ?But is that really true? ?For example, I looked at the 3.8.1p1 distribution and didn't find any reference to JPAKE at all. Thanks.

I apologize up-front if this is the wrong list for this question. Can OpenSSH be made to work with the MODP Groups in RFC 5114? ?The RFC itself makes a comment in section 3.4 that mentions that RFC 4419 extended the original SSH model to allow Diffie-Hellman parameters to be transmitted as part of the key exchange messages, but I'm not clear how that works with OpenSSH's moduli file. Do

I completely support this request. ?My organization is interested in supporting these public key algorithms to comply with NIST SP 800-131A too. Jeff, it is my understanding that through RFC4419, OpenSSH can be support the Key Agreement Using Diffie-Hellman and MQV guidelines in SP 800-131A using the "diffie-hellman-group-exchange-sha256" method. ?Is that correct? Thanks.

<no_spam_98 <at> yahoo.com> writes: > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1692 > > The NIST advisory says that all versions of OpenSSH potentially contain > the flaw. ?But is that really true? ?For example, I looked at the > 3.8.1p1 distribution and didn'...

On Mon, Mar 31, 2014 at 08:40:26AM -0700, no_spam_98 at yahoo.com wrote: > OpenSSH uses its own CTR mode implementation, correct? ?I seem to > recall some discussion about why it hasn't/won't switch over to using > OpenSSL's implementation, but I can't find the thread anymore. > > So... why doesn't OpenSSH use Open...