patch adding none cipher/mac for ssh v2
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Fri Nov 12 09:48:15 EST 2004
Michael A Stevens wrote:
>> I didn't say I do need it. But I do understand J Raynor's explanation.
>> J wants to use ssh authentication without incurring crypto overhead on
>> the session; this saves CPU when doing large transfers. This is handy
>> for scp or rsync over ssh (I usually use blowfish for this since it
>> seems to be the fastest cipher in the suite). J specifically stated
>> that this could be used on channels that are already secure, e.g.
>> IPsec or ssh tunnels.
>
> The fastest cipher from our tests has been arcfour, by a wide margin.
Thanks for the info.

For this to be true in practice, however, certain modifications have to
be made to openssh's windowing size. Are these changes now part of the
openssh distribution, and enabled by default? Also, have they been
backported to other vendors' distributions, e.g. Sun, Red Hat?

Without these changes, arcfour, blowfish, and aes128 perform
equivalently in terms of bandwidth. With the changes, blowfish is the
second fastest after arcfour. Note that some people avoid using arcfour
for legal reasons; blowfish is a completely unencumbered and
unthreatened alternative that performs quite well.

--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>