OpenSSH private key encryption: time for AES?
djm at mindrot.org
Wed Jan 21 16:01:35 EST 2009
On Wed, 21 Jan 2009, Darren Tucker wrote:
> Damien Miller wrote:
> > If we change then it should be to the best encryption that is supported by
> > widely deployed SSL/OpenSSH versions.
> Don't forget some versions of the Solaris 10 OpenSSL package cripple all
> ciphers with a key length >128 bits. We work around that for the SSH
> ciphers but that's not going to help for the OpenSSL PEM functions.
Shouldn't this Just Work with our replacement EVP_aes_256_cbc in
cipher-aes.c? We already switch it on for the OPENSSL_LOBOTOMISED_AES
case (Obviously it would need to be tested...)
More information about the openssh-unix-dev