OpenSSH private key encryption: time for AES?

Darren Tucker dtucker at
Wed Jan 21 15:39:40 EST 2009

Damien Miller wrote:
> If we change then it should be to the best encryption that is supported by
> widely deployed SSL/OpenSSH versions.

Don't forget some versions of the Solaris 10 OpenSSL package cripple all 
ciphers with a key length >128 bits.  We work around that for the SSH 
ciphers but that's not going to help for the OpenSSL PEM functions.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list