openSSH w/out openSSL

brewbot at brewbot at
Tue Apr 19 17:09:14 AEST 2016


I looked into compiling openSSH w/out openSSL and discovered it
would not save the ed25519 key if it contained a passphrase. Debugging
revealed the code is using the DEFAULT_CIPHERNAME = aes256-cbc, but
the availble ciphers w/out openSSL are of the aes*-ctr types.
Changing DEFAULT_CIPHERNAME = aes256-ctr in sshkey.c fixed the problem.
[1] has some discussion regarding aes256-cbc vs aes256-ctr but would
like another opinion on whether those points are valid(or references
to journal papers discussing the differences). Are there
reasons the default is set to aes256-cbc from a security standpoint?

If this is a valid fix, please push it upstream.

-- rick


More information about the openssh-unix-dev mailing list