
Bug#611392: sshd_config(5) could better describe Ciphers



On 22/06/11 19:33, Ray Dillinger wrote:
> Agreed.  In light of RC4's vulnerability to replay attacks 
> (explained in the context of SSH at 
> https://www.kb.cert.org/vuls/id/565052 )

I think that refers to the way RC4 was used by SSHv1, and the advisory
states that OpenSSH was not vulnerable at the time (only the commercial
SSH product was).

My concern was that 'arcfour' and 'arcfour128' are crucially different
but the sshd_config(5) man page doesn't explain this when it gives a
list of available ciphers.  Both options use the same key length, but
the former mode leaks information about the key.  So, I nearly enabled
the wrong one.

The Debian default configuration seems okay; it would allow a client to
use a stronger cipher than RC4 or DES if they support it.

> Do we have any idea how much trouble it would cause for these 
> deprecated insecure ciphers to be completely disabled?

Some may want to use arcfour128 in preference to AES because on some
hardware it is less CPU-intensive, and hence faster if doing something
like backups or rsync over a high-speed LAN.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
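
Added example, not part of the original message and not OpenSSH code: a small check that reads the effective `Ciphers` list from sshd_config text and separates plain `arcfour` from `arcfour128`/`arcfour256`. The keystream-discard distinction comes from RFC 4345 rather than from the message, and the function names and sample configuration are constructed for illustration.

```python
import re

# RFC 4345: arcfour128/arcfour256 discard the first 1536 keystream bytes;
# plain "arcfour" does not (background added here, not stated in the message).
RC4_NO_DISCARD = {"arcfour"}
RC4_WITH_DISCARD = {"arcfour128", "arcfour256"}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONFIG = """\
Port 22
#Ciphers aes256-ctr
Ciphers aes128-ctr,arcfour128,arcfour
Ciphers aes256-ctr
"""

def effective_ciphers(config_text):
    """Return the list from the first active Ciphers line, or None if unset.

    Keywords are case-insensitive and sshd uses the first value obtained
    for a keyword, so later Ciphers lines are ignored.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"ciphers[\s=]+(\S+)", line, re.IGNORECASE)
        if m:
            return [c for c in m.group(1).split(",") if c]
    return None

def audit_ciphers(config_text):
    """Report RC4 entries in the effective cipher list of one config text."""
    ciphers = effective_ciphers(config_text)
    if ciphers is None:
        return {"status": "default", "ciphers": [], "findings": {}}
    findings = {}
    for name in ciphers:
        if name in RC4_NO_DISCARD:
            findings[name] = "RC4 without keystream discard"
        elif name in RC4_WITH_DISCARD:
            findings[name] = "RC4 with 1536-byte keystream discard"
    return {"status": "explicit", "ciphers": ciphers, "findings": findings}

if __name__ == "__main__":
    print(audit_ciphers(SAMPLE_CONFIG))
```

A "default" status means no active `Ciphers` line was found in the text given, so the server's built-in list applies and has to be checked separately.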


