Rekey regression test: How is GCM magical?
Markus Friedl
mfriedl at gmail.com
Sun Nov 17 06:19:49 EST 2013
Am 16.11.2013 um 17:43 schrieb Christian Weisgerber <naddy at mips.inka.de>:
> Revision 1.10 of regress/usr.bin/ssh/rekey.sh has added this:
>
> # GCM is magical so test with all KexAlgorithms
> [...]
>
> How is GCM magical?
just because there is no MAC. so it makes sense to trigger more than
the default KEX.
> Is chacha20-poly1305 equally magical and needs testing with all
> KexAlgorithms as well?
in this sense, yes.
>
> (chacha20-poly1305 doesn't work with diffie-hellman-group1-sha1
> because the latter can't provide the required 512 bits of key
> material.)
why should it not work? in this case the key gets expanded,
even if the security margin of the kex is smaller.
-m
More information about the openssh-unix-dev
mailing list