[Bug 1550] Move from 3DES to AES-256 for private key encryption

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 23 07:55:04 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #4 from Jim Knoble <jmknoble at pobox.com>  2009-01-23 07:55:03 ---
Message-ID: <4976A70C.2020305 at zip.com.au>
Date: Wed, 21 Jan 2009 15:39:40 +1100
From: Darren Tucker <dtucker at zip.com.au>
To: Damien Miller <djm at mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
References: <20090120060635.GA29074 at crawfish.ais.com>
 <alpine.BSO.1.10.0901201822540.5492 at fuyu.mindrot.org>
 <20090121014237.GD29074 at crawfish.ais.com>
 <alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>
Cc: Jim Knoble <jmknoble at pobox.com>, OpenSSH Devel
 <openssh-unix-dev at mindrot.org>

Damien Miller wrote:
[...]
> If we change then it should be to the best encryption that is supported by
> widely deployed SSL/OpenSSH versions.

Don't forget some versions of the Solaris 10 OpenSSL package cripple
all 
ciphers with a key length >128 bits.  We work around that for the SSH 
ciphers but that's not going to help for the OpenSSL PEM functions.

-- 
Darren Tucker (dtucker at zip.com.au)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list