On Sun, 11 Jan 2015, Jonathan Anderson wrote:
I can't comment much on the elliptic-curve stuff, but I think it's a bit
of a stretch to say that SHA-1 isn't safe for use in a KDF.
On Sun, 11 Jan 2015, Benjamin Kaduk wrote:
The author also appears to not understand the difference between
single-DES and triple-DES, so I would expect the value of that posting
to be only as a brainstormed list of ideas to consider for further
analysis.
On Mon, 12 Jan 2015, Ondra Knezour wrote:
You may also want to consult the Applied Crypto Hardening book draft at
https://bettercrypto.org/ if you are looking for some "instant" security
inspiration.
Thank you all for your informative replies. I suspected that the article
was a bit naive. Like many, I don't have a deep knowledge of
cryptography, so I appreciate your input. I thought it was worthwhile to
ask and perhaps generate some discussion about FreeBSD's default SSH
configuration.
On Mon, 12 Jan 2015, Zoran Kolic wrote:
In fact, you got an answer on the openbsd misc list.
On Mon, 12 Jan 2015, Paul Hoffman wrote:
Can you point to that for the rest of us? I'd rather not wade in
openbsd-misc....
It took a lot of searching to find, but I suspect he's talking about
<http://thread.gmane.org/gmane.os.openbsd.tech/40343/focus=219119>, which
fails parts 3 through 6 of the Boy Scout Law.
--
Greg
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security