Default ciphers list
Christian Weisgerber
naddy at mips.inka.de
Sun Nov 17 12:27:19 EST 2013
Jesse P. <jessep3 at hushmail.com> wrote:
> Hi. I was reading the sshd_config manpage and wondering why the default
> ciphers are:
>
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
> aes256-cbc,arcfour
>
> Wasn't AES-GCM supposed to be more secure and recommended?
AES-GCM performs relatively poorly without hardware support (such
as AESNI).
> Also, why is CTR preferred over CBC? Thanks.
http://www.openssh.com/txt/cbc.adv
--
Christian "naddy" Weisgerber naddy at mips.inka.de
More information about the openssh-unix-dev
mailing list