"cipher none" alternatives ?

Jason Stone jason at dfmm.org
Tue Mar 20 23:01:24 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> On Sat, Mar 17, 2001 at 05:11:34PM -0800, Dan Kaminsky wrote:
> >     ssh -2 -oCiphers none -oMACs hmac-md5 user at host tar czf - bigdir/ | tar
> > xzvf -
> 
> yes, this would protect the integrity of the transmission.

Though of course, there's going to be a non-trivial expense associated
with MAC'ing.  I have no numbers, but I would imagine that the time
associated with md5 hasing is of the same order as the time associated
with crypting equivalent amounts of data?


 -Jason

 ---------------------------
 If the Revolution comes to grief, it will be because you and those you
 lead have become alarmed at your own brutality.         --John Gardner



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE6t0aYswXMWWtptckRAuxxAJ9YeNO/EfGHCdEzXfYgkqs7wPorzgCgsy0j
SevuoL7eQN+AF/E60KvCZo0=
=zInT
-----END PGP SIGNATURE-----






More information about the openssh-unix-dev mailing list