The cipher 'none' in OpenSSH

Oliver M. Bolzer oliver at gol.com
Sat Jan 15 23:31:55 EST 2000


On Fri, Jan 14, 2000 at 11:28:52AM -0500, David Rankin <drankin at bohemians.lexington.ky.us> wrote...

> > if I used ftp, I'd get much much more. I checked and noticed, that ssh
> > used up all the CPU power for encrypting the data.
> 
> If you are concerned with performance, I'd suggest using "des". You are
> getting "trivial" encryption; i.e. not enough encryption to stop someone

des "is no longer supported in ssh" (man 1 ssh). Someone else suggested using
blowfish, so I did some benchmarks. I copied a 23083KB file using scp on a
P5-233/64MB RAM laptop running Debian Linux (potato as of 1/13) with
Linux 2.3.32, three times using the various ciphers, and calculated the average.
The command line used was
time scp -c XXX  07_Beethoven_Symph9Mov4.mp3 localhost:
where XXX is the cipher. For comparison I also copied using /bin/cp because
the experiment was done copying onto the same disk.

cipher      time    throughput
3des       1m43s     224KBps
blowfish     31s     769KBps
none         17s    1357KBps
/bin/cp      13s    1776KBps

none still has a 2:1 speed advantage over blowfish, and that is IMHO still
a lot. If des were enabled I guess it would be about 3x the performance
of 3des, so about equal to blowfish.

> -c none is still a large security exposure. It is the encryption that keeps
> someone from waiting until after keys pass and then immediately step in and
> either alter data or intercept passwords. 

Yes, I do recognize the danger of a man-in-the-middle attack. The only
reasonable place for none would be LANs (because over the net, bandwidth
will more likely be the limiting factor), where the largest danger would
be password sniffing. Also, none is most useful for transferring large
data, as speed is not much of an issue for small files (3des is fast enough
in such a case). The difference between 1 and 2 sec is small, but between
5min and 10min it is huge.

> I'm not even sure that I'd support this, but the only way this should go
> into the tree is with a "--with-none" option for configure that is by default
> "without".

I would agree with making it a configure option. The default value is not for
me to decide. What I plead for is the freedom of choice to
select a weaker cipher in cases where its use gives more advantages
than disadvantages.

Thanks. 
-- 

	Oliver M. Bolzer
	oliver at gol.com

GPG (PGP) Fingerprint = 621B 52F6 2AC1 36DB 8761  018F 8786 87AD EF50 D1FF
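The timing run described in the post above, as an added example that is not part of the original message or of OpenSSH: a small harness that times `scp -c <cipher>` for each cipher several times, averages the wall-clock time, and converts it to KB/s against the file size, the way the table in the post was produced. The `scp -c {cipher} {src} {dest}` command template, the three-run default and the `cp` baseline are assumptions chosen to mirror the post; current OpenSSH rejects `none` and `des` with "Unknown cipher type", so the harness records such ciphers as unsupported instead of reporting a bogus throughput.

```python
#!/usr/bin/env python3
"""Average scp throughput per cipher (added example, not code from the post)."""
import os
import shlex
import subprocess
import sys
import time
from statistics import mean

# The ciphers from the post's table. Modern OpenSSH refuses 'none' (and 'des'),
# so a cipher may fail outright rather than merely run slowly.
CIPHERS = ["3des", "blowfish", "none"]


def time_command(argv, runs=3):
    """Run argv `runs` times and return the wall-clock seconds of each run.

    Returns None as soon as one run exits non-zero (e.g. scp: "Unknown cipher
    type"), so an unsupported cipher is never mistaken for a fast one.
    """
    timings = []
    for _ in range(runs):
        start = time.perf_counter()
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        elapsed = time.perf_counter() - start
        if proc.returncode != 0:
            return None
        timings.append(elapsed)
    return timings


def throughput_kbps(size_bytes, seconds):
    """KB/s with 1 KB = 1024 bytes, matching the post's '23083KB' file size."""
    return size_bytes / 1024.0 / seconds


def benchmark(src, dest, ciphers=CIPHERS, runs=3,
              command="scp -c {cipher} {src} {dest}"):
    """Return {cipher: (avg_seconds, avg_kbps)} or {cipher: None} if unsupported.

    `command` is a template (assumed format); for the /bin/cp baseline pass
    command="cp {src} {dest}" with a placeholder cipher name such as "cp".
    """
    size = os.path.getsize(src)
    results = {}
    for cipher in ciphers:
        argv = shlex.split(command.format(cipher=shlex.quote(cipher),
                                          src=shlex.quote(src),
                                          dest=shlex.quote(dest)))
        timings = time_command(argv, runs)
        if timings is None:
            results[cipher] = None
        else:
            avg = mean(timings)
            results[cipher] = (avg, throughput_kbps(size, avg))
    return results


def format_table(results):
    """Render results in the same three-column layout as the post's table."""
    lines = ["cipher      time     throughput"]
    for cipher, result in results.items():
        if result is None:
            lines.append(f"{cipher:<10}  (unsupported by this scp)")
        else:
            avg, kbps = result
            lines.append(f"{cipher:<10}  {avg:6.1f}s  {kbps:8.0f}KBps")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: bench.py <file> [<scp destination, default localhost:>]
    src = sys.argv[1]
    dest = sys.argv[2] if len(sys.argv) > 2 else "localhost:"
    print(format_table(benchmark(src, dest)))
    # Local-disk baseline, as in the post (copy lands next to the source).
    baseline = benchmark(src, src + ".copy", ciphers=["/bin/cp"],
                         command="cp {src} {dest}")
    print(format_table(baseline))
```

Run it against a large file with a local sshd listening, as the post did; the baseline row shows how much of the remaining gap is disk rather than cipher cost. With an scp that supports no `none` cipher, the `none` row reads "unsupported" rather than a time, which is the failure a wrapper script around `scp -c` would otherwise silently hide behind an empty destination file.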
