Call for testing: OpenSSH-5.7

Damien Miller djm at mindrot.org
Fri Jan 21 07:34:26 EST 2011


On Thu, 20 Jan 2011, Steve Marquess wrote:

> Well, use of CTR is arguably legal but IMHO questionable.  AES-CTR is not
> included in the #1051 validation (see
> http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#695), and there
> is no compelling reason to use it (with or without FIPS 140-2).

Actually, http://www.openssh.com/txt/cbc.adv

Removing CTR and RC4 leaves only vulnerable CBC mode ciphers.

-d


More information about the openssh-unix-dev mailing list