openSSH w/out openSSL
brewbot at yahoo.com
brewbot at yahoo.com
Tue Apr 19 17:09:14 AEST 2016
All,
I looked into compiling openSSH w/out openSSL and discovered it
would not save the ed25519 key if it contained a passphrase. Debugging
revealed the code is using the DEFAULT_CIPHERNAME = aes256-cbc, but
the availble ciphers w/out openSSL are of the aes*-ctr types.
Changing DEFAULT_CIPHERNAME = aes256-ctr in sshkey.c fixed the problem.
[1] has some discussion regarding aes256-cbc vs aes256-ctr but would
like another opinion on whether those points are valid(or references
to journal papers discussing the differences). Are there
reasons the default is set to aes256-cbc from a security standpoint?
If this is a valid fix, please push it upstream.
-- rick
[1] https://crypto.stackexchange.com/questions/18538/aes256-cbc-vs-aes256-ctr-in-ssh
More information about the openssh-unix-dev
mailing list