Cipher preference
Damien Miller
djm at mindrot.org
Tue Dec 31 13:43:15 EST 2013
On Mon, 30 Dec 2013, James Cloos wrote:
> When testing chacha20-poly1305, I noticed that aes-gcm is significantly
> faster than aes-ctr or aes-cbc with umac. Even on systems w/o aes-ni
> or other recent instruction set additions.
>
> And there seems to be consensus in the crypto community that AEAD
> ciphers are the way forward.
Lots of cryptographers also think that AES-GCM is fiendishly difficult
to get right, especially wrt timing leaks. That, and its relative
newness in OpenSSH are the reasons it is not the default.
-d
More information about the openssh-unix-dev mailing list