similar to: 3DES key-length

When my client connects, I see this in my log: dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits) Whereas, when client connects to my postfix server, I see: Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) how can I tell dovecot to use AES256, instead of AES128 ? is this set by ssl_cipher_list ? Here are my current

Does anyone knows which one is the strongest and which is the fastest encryption algorithms used in OpenSSH 3.7.1p2 from the list below aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, aes192-cbc, aes256-cbc, rijndael-cbc at lysator.liu.se, aes128-ctr, aes192-ctr, aes256-ctr Strong Encryption OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms. These are patent

Hi, I am running sshd (openssh-2.9p2) on a power-pc LynxOS box, and am connecting from a ssh client (openssh-2.9p2) on an x86 Linux box. This works fine for ssh protocol version 1, but am getting the below error for ssh v2: Disconnecting: Bad packet length -857542839. I am also attaching the complete debug traces from sshd & ssh below. I am not sure if this is an "endian" issue.

According to https://cipherli.st/ > ssl = yes > ssl_cert = </etc/dovecot.cert > ssl_key = </etc/dovecot.key > ssl_protocols = !SSLv2 !SSLv3 > ssl_cipher_list = AES128+EECDH:AES128+EDH > ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 > Is what you want. Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = AES128+EECDH:AES128+EDH Before I made this change

Hi, In a recent security review some systems I manage were flagged due to supporting "weak" ciphers, specifically the ones listed below. So first question is are people generally modifying the list of ciphers supported by the ssh client and sshd? On CentOS 6 currently it looks like if I remove all the ciphers they are concerned about then I am left with Ciphers

Hello everybody, An issue was reported in RH bugzilla [1] about the size of the used DH group when combined with the 3des-cbc cipher. OpenSSH uses the actual key length for the size estimation. This is probably fine as far as the cipher has the same number of bits of security as the key length. But this is not true for 3TDEA where the key size is 168 resp 192 but it's security is only 112.

Am 07.02.2015 um 04:47 schrieb Reindl Harald: > > Am 06.02.2015 um 23:13 schrieb SW: >> According to https://cipherli.st/ >>> ssl = yes >>> ssl_cert = </etc/dovecot.cert >>> ssl_key = </etc/dovecot.key >>> ssl_protocols = !SSLv2 !SSLv3 >>> ssl_cipher_list = AES128+EECDH:AES128+EDH >>> ssl_prefer_server_ciphers = yes #

https://bugzilla.mindrot.org/show_bug.cgi?id=1550 Summary: Move from 3DES to AES-256 for private key encryption Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Keywords: patch Severity: enhancement Priority: P2 Component: ssh-keygen AssignedTo:

Hi, Is cipher "3des-ctr" supported by openssh? It is not mentioned in the list of supported ciphers in the man page of ssh_config: Thanks, Sunil Ciphers Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The supported ciphers are ''3des-cbc'', ''aes128-cbc'',

This was posted not too long ago on sci.crypt... Enjoy... I think the most relevant information is near the top, but it''s all quite good... :-) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- There is no intrinsic difference between algorithm and data, the same information can be viewed as data in one context and as algorithm in another. Why then do so many people claim that encryption algorithms

Hi Everybody! I've got a nasty problem with a fresh install of CenOS 4 (actually re-install, to rule out any configuration problems accumulated over time). We have a c4-based machine (further Server), which is supposed to serve a lot of files over NFS. In the course of the setup I was checking how the backups (using rsync) would work and got a lot of errors reported by rsync about

Hello all, It seems the overhaul on key exchange/selection broke it badly. I haven't managed to use any other encryption method than 3des and blowfish when connecting to SNAP -> SNAP. SNAP -> 2.2.0p1 will use arcfour etc. quite cleanly. How SNAP -> SNAP looks like: --- debug: Local version string SSH-2.0-OpenSSH_2.2.0p2 debug: send KEXINIT debug: done debug: wait KEXINIT debug:

I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

In 0.9.7 the private key encryption was switched from 3DES to AES, (https://bugzilla.mindrot.org/show_bug.cgi?id=1550) the motivation for this being that 128-bits of security is better than the 112 or so you get from 3DES these days. Interestingly that bug is about upgrading to AES-256, but we ended up with AES-128. Presumably due to the Solaris crippling? However ssh-keygen still uses a

i am not able to join the domain using ads and target ip ( net ads join ?S <domain controller ip> ?U <username> ). I am getting below error. *net ads join -S 172.17.100.97 -U administrator* *Enter administrator's password:* *kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database* *Failed to join domain: failed to connect to AD: Server not found

I've been reading on Bruce Schneier's blog about key diffusion and the key schedule in AES 256 being poor. Including this, for use in a geli encrypted provider, what are the pros and cons of selecting AES 128, 192, or 256?

Hi, I am using the autocomplete for text field with ''Scriptaculous'' and it works perfectly fine in "new" action. All the examples I see are only for the "new" action. But doesn''t default to the selected value/text in "edit/show" action? Is this possible or should I write custom code for "edit/show" action? Thanks, Hari --

Hi, What is the best way to parse HTML? Or is there a simple way to convert a table to an array? I tried beautiful_soup and the built-in htmltools, but have trouble getting them to run. Any pointers? Thanks, Hari -- Posted via http://www.ruby-forum.com/.

Hi, If it was just reads then the tier daemon won't migrate the files to hot tier. If you create a file or write to a file that file will be made available on the hot tier. On Mon, Jul 31, 2017 at 11:06 AM, Nithya Balachandran <nbalacha at redhat.com> wrote: > Milind and Hari, > > Can you please take a look at this? > > Thanks, > Nithya > > On 31 July 2017 at