Call for testing: OpenSSH-5.7
Damien Miller
djm at mindrot.org
Fri Jan 21 07:34:26 EST 2011
On Thu, 20 Jan 2011, Steve Marquess wrote:
> Well, use of CTR is arguably legal but IMHO questionable. AES-CTR is not
> included in the #1051 validation (see
> http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#695), and there
> is no compelling reason to use it (with or without FIPS 140-2).
Actually, http://www.openssh.com/txt/cbc.adv
Removing CTR and RC4 leaves only vulnerable CBC mode ciphers.
-d
More information about the openssh-unix-dev
mailing list