[linux-elitists] ssh hygiene

Matthew Galgoci mgalgoci@redhat.com
Tue Apr 30 09:37:54 PDT 2002


On Tue, Apr 30, 2002 at 09:25:30AM -0700, Rick Moen wrote:
> Quoting Matthew Galgoci (mgalgoci@redhat.com):
> 
> > Unless you control the client and server and can upgrade it as will,
> > you may not have the luxury of using AES.
> 
> Remind me:  Why are we in a hurry to rush to a new encryption algorithm?
> Because it's new?  Because it's fast?  

I've no idea why anyone wants to rush into using AES. I'm certainly not in a rush
to upgrade any of my openssh installs to support it.

> The one thing you most want in an encryption algorithm is a long history
> of successful resistance to expert attack and scrutiny.  Like 3DES, for
> example.  And Blowfish (but not Twofish) is only just now getting well
> enough seasoned that cautious people might favour it.
> 
> Please note that it's not necessarily a _good_ thing to have all
> aspects of performance be fast and efficient:  One of the reasons
> Blowfish is attractive is that key-generation is _slow_.  Thus,
> brute-force attacks on a given keyspace are thereby impaired. 

Rick, I'm in violent agreement with you.

-- 



More information about the linux-elitists mailing list