On Mon, 14 Jan 2008, Ken Gunderson wrote:
hi Ken,
>$ ssh -V
>OpenSSH_4.3, OpenSSL 0.9.7g 11 Apr 2005
>$ uname -rs
>OpenBSD 3.9
>
>and aes256 is still supported. So Sun has apparently w/held some of the
>strong crypto stuff. I'll leave the rest up to the conspiracy
>theorists...
I would just like to say again that anything else is easier to
attack than aes128 (and so far it looks like this might be true for several
tens of years to come) so technically there is no reason to use aes256 for
session keys aside from the fact that it might "look better" to users that
don't understand the difference between aes128 and aes256 in real life.
yes, I absolutely agree that there is no reason why not allow it and
we will definitely add it there back but if it's the only issue why not to
run SunSSH than I don't think it's a good one. The reason why it's not there
now was explained by Casper. And I can confirm that there is no check
whether SUNWcry package is present (OpenSSL has it), aes256 was just
removed, I suspect that the reason was the one I explained above.
regards, Jan.
--
Jan Pechanec
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
