[Bug 1550] Move from 3DES to AES-256 for private key encryption
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 23 07:54:40 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1550
--- Comment #3 from Jim Knoble <jmknoble at pobox.com> 2009-01-23 07:54:39 ---
Message-ID: <4976A70C.2020305 at zip.com.au>
Date: Wed, 21 Jan 2009 15:39:40 +1100
From: Darren Tucker <dtucker at zip.com.au>
To: Damien Miller <djm at mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
References: <20090120060635.GA29074 at crawfish.ais.com>
<alpine.BSO.1.10.0901201822540.5492 at fuyu.mindrot.org>
<20090121014237.GD29074 at crawfish.ais.com>
<alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>
Cc: Jim Knoble <jmknoble at pobox.com>, OpenSSH Devel
<openssh-unix-dev at mindrot.org>
Damien Miller wrote:
[...]
> If we change then it should be to the best encryption that is supported by
> widely deployed SSL/OpenSSH versions.
Don't forget some versions of the Solaris 10 OpenSSL package cripple
all
ciphers with a key length >128 bits. We work around that for the SSH
ciphers but that's not going to help for the OpenSSL PEM functions.
--
Darren Tucker (dtucker at zip.com.au)
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list