[linux-elitists] ssh hygiene

Rick Moen rick@linuxmafia.com
Tue Apr 30 09:25:30 PDT 2002


Quoting Matthew Galgoci (mgalgoci@redhat.com):

> Unless you control the client and server and can upgrade it as will,
> you may not have the luxury of using AES.

Remind me:  Why are we in a hurry to rush to a new encryption algorithm?
Because it's new?  Because it's fast?  

The one thing you most want in an encryption algorithm is a long history
of successful resistance to expert attack and scrutiny.  Like 3DES, for
example.  And Blowfish (but not Twofish) is only just now getting well
enough seasoned that cautious people might favour it.

Please note that it's not necessarily a _good_ thing to have all
aspects of performance be fast and efficient:  One of the reasons
Blowfish is attractive is that key-generation is _slow_.  Thus,
brute-force attacks on a given keyspace are thereby impaired. 




More information about the linux-elitists mailing list