search for: poly1305

https://bugzilla.mindrot.org/show_bug.cgi?id=2972 Bug ID: 2972 Summary: Add build-time option to use OpenSSL for ChaCha20-Poly1305 Product: Portable OpenSSH Version: 7.9p1 Hardware: ARM OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter: bu...

https://bugzilla.mindrot.org/show_bug.cgi?id=3194 Bug ID: 3194 Summary: Please consider lowering chacha20-poly1305 at openssh.com cipher priority on AES-NI capable CPU Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneou...

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive, but I have not tried it yet (it was not in 1.1.0). Trivial benchmark: time ssh -c chacha20-poly1305 at...

...:30 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > Although the cryptography is now separated from the rest of the logic in > tinc, it is not really replaceable, since only OpenSSL is supported. > However, there is also a new protocol in tinc 1.1, which uses Ed25519 > and ChaCha-Poly1305. The code for those algorithms is included in tinc, > so the new protocol has no dependencies on external libraries. Any reason not to use libsodium for this? Pedro

...v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-...

When testing chacha20-poly1305, I noticed that aes-gcm is significantly faster than aes-ctr or aes-cbs with umac. Even on systems w/o aes-ni or other recent instruction set additions. And there seems to be consensus in the crypto community that AEAD ciphers are the way forward. As such, it promoting the AEAD ciphers to the he...

...17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses > > different scheme (with padding/etc - see rfc8439) and it looks it > > is not > > possible to use in openssh. > > > > OpenSSL 1.1.1+ also exports "raw" poly1305 primitive, but I > > have not tried it yet (it was not in 1...

https://bugzilla.mindrot.org/show_bug.cgi?id=2729 Bug ID: 2729 Summary: Can connect with MAC hmac-sha1 even though it's not configured on the server Product: Portable OpenSSH Version: 7.5p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5

...KexAlgorithms, Ciphers and MACs in > /etc/ssh/sshd_config file as per the above ssh server version. For > example > as per below setting. > > KexAlgorithms > ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie- > hellman-group-exchange-sha256 > Ciphers chacha20-poly1305 at openssh.com,aes256-gcm at openssh.com, > aes128-gcm at openssh.com,aes256-ctr,aes192-ctr,aes128-ctr > MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com, > umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256, > umac-128 at openssh.com > > Please guide m...

...openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,...

I added an EXPLICIT AuthenticationMethods publickey,keyboard-interactive + UsePam yes to sshd_config. Now, at connect attempt I get Password: Verification code: Password: Verification code: Password: ... I.e., It's asking for Password, not accepting pubkey AND when given the password (which is correct), and the GA VerificationCode, it simply repeats the credentials request.

...length field encrypted. etm MAC modes and AES-GCM have the length field in cleartext. CBC is dangerous because the length field is encrypted with CBC. aes128-ctr + hmac-sha256 doesn't have any known vulnerability and encrypts the packet length, but uses the bad practice of e&m. chacha20-poly1305 encrypts both payload and packet len + uses authenticated encryption (best practice), even if the implementation looks very similar to etm. Aris >> BTW: Jan Zerebecki also doesn't recommend the AES CTR modes as they >> disclose packet length. >> https://wiki.mozilla.org/S...

...ellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-ed25519-cert-v01 at openssh.com,ssh-ed25519,ssh-rsa-cert-v01 at openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192...

Hi, I'm having a problem when I add "HostKeyAlgorithms +ssh-dss" to the ssh_config file the host key will always negotiate to a wrong one. In my case it will negotiate to "ecdsa-sha2-nistp256". The client was already configured with the servers rsa public key, before the change I added to the ssh_config file I could see from the debug that server and client will negotiate

...256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh- > ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ss > h-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh- > dss-cert-v00 at openssh.com,ssh-ed25519,ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr, > aes128-gcm at openssh.com,aes256-gcm at openssh.com, > arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc, > cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se > debug2: kex_parse_kexinit: > chacha20-poly130...

Anyone trying openssl 3 against openssh? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Put more trust in nobility of character than in an oath. -Solon

...l_uid }}service submission-login { inet_listener submission { haproxy = yes port = 465 ssl = yes }}ssl = requiredssl_alt_cert = </etc/ssl/private/example.com.pemssl_alt_key = # hidden, use -P to show itssl_cert = </etc/ssl/private/example.com- ecc.pemssl_cipher_list = TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA- CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:TLS-AES-256-GCM- SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:TLS- AES-128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crtssl_curve_list = X25519:secp521r1:secp384r1...

...references for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] MinProtocol = TLSv1.2 Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECD...

...change-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se [preauth] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com...

...x/private/dovecot-lmtp { group = _postfix mode = 0600 user = _postfix } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } ssl = required ssl_cert = </etc/ssl/private/2015/chain.crt ssl_cipher_list = ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; ssl_dh_parameters_length = 2048 ssl_key = </etc/ssl/private/the.key ssl_pre...