Message-ID: <20151113204338.GC392@gremlin.ru>
Date: Fri, 13 Nov 2015 23:43:38 +0300
From: gremlin@...mlin.ru
To: owl-dev@...ts.openwall.com
Subject: OpenSSH

Good ${greeting_time}, colleagues!

This week I had to update OpenSSH on several hosts, so I looked at
version 7.1p1.

Good news (and a good reason to update): it has Encrypt-then-MAC (ETM)
support.
Minor issue (may be important for someone): it has DSA keys disabled
by default.

For now, I've built the first experimental package (7.1p1-g1) with
the following options:
1. SSH-1 is disabled.
2. Ciphers are
	blowfish256-cfb aes256-ctr aes192-ctr aes128-ctr
for server and, additionally,
	aes256-gcm aes128-gcm blowfish-cbc aes256-cbc aes192-cbc
	aes128-cbc chacha20-poly1305
for client.
3. MACs are
	hmac-sha2-512-etm hmac-sha2-256-etm hmac-sha2-512 hmac-sha2-256
for server and, additionally,
	umac-64-etm umac-128-etm umac-64 umac-128 hmac-ripemd160-etm
	hmac-ripemd160 hmac-sha1-etm hmac-sha1
for client.
4. ECDSA support is fully disabled by CFLAGS="-UOPENSSL_HAS_ECC".
5. RSA keys have minimal size of 4096 bits and default size of 8192.

I think of disabling ED25519 and ChaCha as well as SHA-1: first looks
intentionally weakened by reducing the key size beyond good sense,
second is a stream cipher that is generally weaker than generating
gamma with ciphertext feedback, and the third is rumored to be finally
broken (that's why I've dropped MD5, RC4 and companions). Possibly,
these algorithms could be left in clients, but not in the server.

Another question is related to the "Anti-Debian" (CVE-2008-0166) patch
and openssh-blacklist package: do we still need them after almost 8
years since that epic fail was discovered and published?


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
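
An added example, not part of the original message and not Owl or OpenSSH code: a Python check that compares the effective `Ciphers` and `MACs` lines of an sshd_config against the server-side lists in items 2 and 3 of the message. It assumes the short names in the message correspond to OpenSSH names with the `@openssh.com` suffix stripped; the sample config is constructed.

```python
import re

# Server-side allowlists as named in the message (short names, no "@openssh.com").
SERVER_POLICY = {
    "ciphers": {"blowfish256-cfb", "aes256-ctr", "aes192-ctr", "aes128-ctr"},
    "macs": {"hmac-sha2-512-etm", "hmac-sha2-256-etm",
             "hmac-sha2-512", "hmac-sha2-256"},
}

def effective_lists(config_text):
    """Return {keyword: [algorithms]} for Ciphers/MACs in the global section.

    sshd uses the first value it obtains for a keyword, so later duplicates
    are ignored here too; parsing stops at the first Match block.
    """
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Keyword and value may be separated by whitespace or '='.
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if key in SERVER_POLICY and key not in found and len(parts) == 2:
            found[key] = [a.strip() for a in parts[1].strip('"').split(",")
                          if a.strip()]
    return found

def audit(config_text):
    """Return sorted (keyword, algorithm) pairs that fall outside the policy.

    A keyword absent from the config is reported as (keyword, "<default>"),
    because the compiled-in default list applies instead of the policy.
    """
    lists = effective_lists(config_text)
    findings = []
    for key, allowed in SERVER_POLICY.items():
        if key not in lists:
            findings.append((key, "<default>"))
            continue
        for alg in lists[key]:
            short = re.sub(r"@openssh\.com$", "", alg.lower())
            if short not in allowed:
                findings.append((key, alg))
    return sorted(findings)

# Constructed sample: the second MACs line is ignored (first value wins).
SAMPLE = ("Protocol 2\nCiphers aes256-ctr,aes128-cbc,chacha20-poly1305@openssh.com\n"
          "MACs=hmac-sha2-512-etm@openssh.com,hmac-sha1\nMACs hmac-md5\n")
```
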
