[linux-elitists] ssh hygiene
Tue Apr 30 09:37:54 PDT 2002
On Tue, Apr 30, 2002 at 09:25:30AM -0700, Rick Moen wrote:
> Quoting Matthew Galgoci (firstname.lastname@example.org):
> > Unless you control the client and server and can upgrade it as will,
> > you may not have the luxury of using AES.
> Remind me: Why are we in a hurry to rush to a new encryption algorithm?
> Because it's new? Because it's fast?
I've no idea why anyone wants to rush into using AES. I'm certainly not in a rush
to upgrade any of my openssh installs to support it.
> The one thing you most want in an encryption algorithm is a long history
> of successful resistance to expert attack and scrutiny. Like 3DES, for
> example. And Blowfish (but not Twofish) is only just now getting well
> enough seasoned that cautious people might favour it.
> Please note that it's not necessarily a _good_ thing to have all
> aspects of performance be fast and efficient: One of the reasons
> Blowfish is attractive is that key-generation is _slow_. Thus,
> brute-force attacks on a given keyspace are thereby impaired.
Rick, I'm in violent agreement with you.
More information about the linux-elitists