openssh-unix-dev Digest, Vol 19, Issue 8

Jeremy McMillan aphor at mac.com
Thu Nov 11 06:26:28 EST 2004


On Nov 9, 2004, at 10:26 PM, Chris Adams <cmadams at hiwaay.net> wrote:

> Message: 4
> Date: Tue, 9 Nov 2004 15:13:36 -0600
> From: Chris Adams <cmadams at hiwaay.net>
> Subject: Re: RedHat forks OpenSSH?
> To: openssh-unix-dev at mindrot.org
> Message-ID: <20041109211336.GC1429068 at hiwaay.net>
> Content-Type: text/plain; charset=us-ascii
[deletion for brevity]
> I do have a question that it would be nice if someone could answer: why
> would I want to use CSS as a cipher in SSH?  As I understand it, CSS is
> a fairly weak algorithm; why would I want to use a weak encryption
> method?

Inclusion in OpenSSH as opposed to OpenSSL? No clue.
However, since DVD decoding hardware is fairly ubiquitous, maybe there 
is potential for OpenSSL-engine support to leverage hardware 
acceleration for the ACSS cipher for everything in your system, and not 
just a couple of DVD player apps. The last time I checked, hardware 
crypto acceleration cards are expensive (the cheapest hifn based board 
was around $100 if I remember correctly), and optimized for short SSL 
web traffic. Also, relatively weak symmetric ciphers can be 
strengthened by changing symmetric keys relatively more often.

> A different question: why are any of the ciphers being included in
> OpenSSH?  I thought that's why OpenSSL was used (if not, why not just
> put all the ciphers in OpenSSH and not require OpenSSL?).
>
> -- 
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
>
---
Jeremy McMillan




More information about the openssh-unix-dev mailing list