search for: rekeys

Displaying 20 results from an estimated 213 matches for "rekeys".

Did you mean: rekey
2003 Apr 11
2
How often should an encrypted session be rekeyed?
Using OpenSSL, is there a preferred/recommended rate of rekeying an encrypted stream of data? Does OpenSSL handle this for developers behind the scenes? Does it even need to be rekeyed? Thanks in advance. -sc -- Sean Chittenden -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 202 bytes Desc: not available
2023 Mar 24
1
ChaCha20 Rekey Frequency
I'm wondering why the ChaCha20 cipher rekeys so frequently. At speed I'm seeing rekeys every second or two. So I'm spending a large amount of time in the rekey process. From what I've read about ChaCha20 it shouldn't need to be rekeyed quite so frequently. Am I missing something obvious? Just curious more than anything el...
2005 Jun 13
1
rekeying in SSH-2 and session setup?
Dear all, while playing around with openssh-4.1p1 (trying to add AFS token forwarding in SSH-2), I noticed that agressive rekeying (as e.g. employed by regress/rekey.sh, rekeying every 16bytes) seems to disturb the various forwardings (X11, agent) set up at the beginning of the session. These do not trigger regression test errors, since the client does not ask for confirmation from the server for
2013 May 13
1
Session rekeying support in OpenSSH
Hi, I am using OpenSSH_5.2p1. It seems ssh server doesn't support key regeneration after a specified amount of time. I manually verified the OpenSSH_5.2p1 and OpenSSH-6.2 source codes and haven?t found any code support for session rekeying in both releases. SSH2 supports session rekeying using the parameter ?RekeyIntervalSeconds? with default value 3600 seconds (one hour) in both
2023 Mar 29
1
ChaCha20 Rekey Frequency
...t I'm deeply unsure of what impact that would have on the security of the cipher as it's implemented. Especially the without-openssl internal implementation. Chris On 3/24/23 4:36 PM, Christian Weisgerber wrote: > Chris Rapier: > >> I'm wondering why the ChaCha20 cipher rekeys so frequently. At speed I'm >> seeing rekeys every second or two. So I'm spending a large amount of >> time in the rekey process. From what I've read about ChaCha20 it >> shouldn't need to be rekeyed quite so frequently. Am I missing something >> obvious? &gt...
2004 Feb 20
1
ssh client auto rekey feature.
...plan to patch the ssh client to implement an auto-rekey option. Do any of the security/cipher gurus have any problem with automatically rekeying the connection at a specific interval. For simplicity's sake I just plan to implement a simple timer that goes off every user-specified-interval and rekeys the connection. If the developers are interested, I'll send the patch along when I'm done. Thanks, John
2016 Jan 05
14
[Bug 2521] New: subtract buffer size from computed rekey limit to avoid exceeding it
https://bugzilla.mindrot.org/show_bug.cgi?id=2521 Bug ID: 2521 Summary: subtract buffer size from computed rekey limit to avoid exceeding it Product: Portable OpenSSH Version: 6.8p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a
2023 Mar 29
2
ChaCha20 Rekey Frequency
On Wed, 29 Mar 2023, Chris Rapier wrote: > I was wondering if there was something specific to the internal chacha20 > cipher as opposed to OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?
2023 Jan 19
4
[Bug 3524] New: Rekey interval timeout not working when no package is being transfered
https://bugzilla.mindrot.org/show_bug.cgi?id=3524 Bug ID: 3524 Summary: Rekey interval timeout not working when no package is being transfered Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd
2000 Feb 15
1
Rekeying
Hello, I apologize that this is slightly off topic. According to the Internet Draft I found for SSH ver 1 (draft-ietf-tls-ssh-00.txt from Jun 13, 1996), the client or server can send a SSH_MSG_KEXINIT at any time to force a new key exchange. I looked through the code for OpenSSH and ssh-1.2.27 and can't find where it does this. I then searched the Secure Shell mailing list archives and saw
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
Ah, with an internal block size [Is that what one calls it?] of 64 bytes. From: Damien Miller <djm at mindrot.org> Sent: Wednesday, March 29, 2023 3:08 PM To: Robinson, Herbie <Herbie.Robinson at stratus.com> Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey
2017 Sep 23
3
Call for testing: OpenSSH 7.6
> Portable OpenSSH is also available via [...] Github: https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not require installation and is a simply: > > $ ./configure && make tests I was going to try this on Kali Linux (latest version), but ran into trouble right away. No "configure" script exists
2023 Jun 10
1
Question About Dynamic Remote Forwarding
On Fri, 9 Jun 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until
2024 May 21
2
[Bug 3692] New: rekey.sh doesn't actually test different algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3692 Bug ID: 3692 Summary: rekey.sh doesn't actually test different algorithms Product: Portable OpenSSH Version: 9.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Regression tests
2018 Nov 13
12
[Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929 Bug ID: 2929 Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5
2023 Mar 29
1
ChaCha20 Rekey Frequency
Hi Damien, >This is what I'm playing with at the moment: if you?re playing with this currently anyway, shouldn?t? >+ /* >+ * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks >+ * before rekeying where L is the blocksize in bits. >+ * Most other ciphers have a 128 bit blocksize, so this equates to >+ * 2**32 blocks / 64GB data. >+ */ >+ return
2011 Nov 08
1
Rekeying value denoting NA
I'm trying to rekey values which denote there is no values, i.e., '-999' in a dataset which contains both '-999' and NA entries. When I try the following command I get the following error: > data.frame[data.frame$MAR <= -99999,"MAR"] <- NA "missing values are not allowed in subscripted assignments of data frames" Example of data: YEAR JAN
2004 Jan 07
0
rekeying problem between isakmpd and cisco 7000
Hi, I have a rekeying problem between FreeBSD4.9 (running isakmpd) and a Cisco 7000 box. The rekeying time of these two are not same, so even they new SAs are created on isakmpd side, the tunnel doesn't work at all. On isakmpd side, I know it creates new SA when SA life time passes 90%. But I don't know when Cisco builds the new SAs. I don't have much knowledge on Cisco and I cannot