similar to: CIphers and Channels

That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher. On Wed, 29 Mar 2023, Robinson, Herbie wrote: > > I?m hardly an expert on this, but if I remember correctly, the rekey rate > for good security is mostly dependent on the cipher block size.? I left my > reference books at home; so, I can?t come up with a reference for you, but I > would take Chris?

I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a

On Wed, 29 Mar 2023, Chris Rapier wrote: > I was wondering if there was something specific to the internal chacha20 > cipher as opposed to OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if

Using stock OpenSSH 4.7 I found different behavior when trying to specify the use of the 'none' cipher depending on the command line option nomenclature. This is under linux 2.6.19-web100 using -ocipher=none [root at delta openssh-4.7p1-hpnv19]# /home/rapier/ssh47/bin/scp -S /home/rapier/ssh47/bin/ssh -ocipher=none -P 2222 ~rapier/2gb rapier at localhost:/dev/null rapier at

Hi, According to IETF draft draft-ietf-secsh-transport-14.txt, different ciphers(encryption), MAC and compression can be used for one direction say server-to-client and a completely different cipher, MAC and compression for the other direction client-to-server of the same connection. Is this supported today in OpenSSH, and if not, are there plans to support it in any future releases of the code?

The HPN12 patch available from http://www.psc.edu/networking/projects/hpn-ssh addresses performance issues with bulk data transfer over high bandwidth delay paths. By adjusting internal flow control buffers to better fit the outstanding data capacity of the path significant improvements in bulk data throughput performance are achieved. In other words, transfers over the internet are a lot

I hope this is the right list, as I'm desiring a feature addition in openssh. I would like the option to have a 'null' cipher (after the initial authorization, similar to 'delayed' for compression). It would have to be enabled on both client and server and server would never use it unless it was both enabled and asked for by the client. I'd strongly prefer it be able to

http://www.psc.edu/networking/projects/hpn-ssh/ Mike Stevens and I just released a new set of high performance networking patches for OpenSSH 3.9p1, 4.0p1, and 4.1p1. These patches will provide the same set of functionality across all 3 revisions. New functionality includes 1) HPN performance even without both sides of the connection being HPN enabled. As long as the bulk data flow is in the

Hi, I have written a patch to add SCTP support for OpenSSH on systems with SCTP capabilities with the following features: - SCTP support can be configured with --with-sctp, but is disabled by default - use SCTP for SSH connections instead of TCP - SCTP's multi-homing is activated for all available addresses by default, if SCTP is used - the sshd can be configured to listen with TCP, SCTP, or

Why are legacy MACs (like md5-96), and legacy Ciphers (anything in cbc-mode, arcfour*(?)) enabled by default? My proposal would be to change the defaults for ssh_config and sshd_config to contain: MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1 Ciphers aes128-ctr,aes192-ctr,aes256-ctr ...removing md5, truncated versions of sha1, umac64 (for which I can find barely any review), any cipher in cbc

On Thu, Aug 3, 2023 at 2:35?PM Chris Rapier <rapier at psc.edu> wrote: > > Howdy all, > > So, one night over beers I was telling a friend how you could use the > timing between key presses on a type writer to extract information. > Basically, you make some assumptions about the person typing (touch > typing at so many words per second and then fuzzing the parameters

Hello, in addition to my last thread about a new config option to make strict-kex mandatory, I also wonder if a new mechanism for ciphers/macs can be introduced and is reliable by simple both sides using it. So there could be a Chacha20-Poly1305v2 at openssh.com which uses AD data to chain the messages together, so it will be resistant against terrapin even without the strict-kex. Consequently

Hello, I know this has come up before; but is the HPN patch (or elements thereof) currently being considered for integration in to the OpenSSH code base? Are there pending issues (buffer management, none cipher, etc) which still need to be addressed? We have been using HPN-SSH for over a year now, and like others, have observed significant performance improvement over standard OpenSSH. I can

Hi, There has been some recent work to improve the speed of the Message Authentication Codes (MACs) that are used in OpenSSH. The first improvement is a change from Markus Friedl to reuse the MAC context, rather than reinitialising it for every packet. This saves two calls to the underlying hash function (e.g. SHA1) for each packet. My tests found that this yielded at 12-16% speedup for bulk

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical

I see that: SSH uses the following ciphers for encryption: Cipher SSH1 SSH2 DES yes no 3DES yes yes IDEA yes no Blowfish yes yes Twofish no yes Arcfour no yes Cast128-cbc no yes Two ques re: sshd: 1) Using openssh, how do I configure which

The "--disable-strip" configure option is required as the Solaris9-X86 linker/loader will not be able to load any of the executables and will display a "Killed" message. Similarly, 'ldd' will fail with a "file has insecure interpreter" error message. Performing a loader or ldd test from the OpenSSH installation directory on the compiled executables within the

On Fri, 9 Jun 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until

I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);

I'm trying to collect some additional user information from the server using the 'logit' function. For example, I'm trying to get the cipher, mac, and compression status from kex.c in kex_chose_conf() with logit("SSH: %s;Ltype: Kex;Enc: %s;MAC: %s:Comp: %s", ctos ? "Server" : "Client", newkeys->enc.name, newkeys->mac.name,