Network Security: Detailed info on Re: Security Practices

Subject:	Re: Security Practices
Date:	Tue, 17 May 2005 13:14:22 -0400

David Busby wrote:

List, I'm trying to get my a sshd setup as secure as possible, some folks I know what to send financial data over this.

...

aes256-cbc cipher (only)


http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

You may want to be aware of this paper. I believe the results are still preliminary, but it's something to follow.

I'm thinking that I'll make my key 4096bits to add some security.

Heh, is your name Avi? (cryptonomicon reference, couldn't resist) That's probably overkill, but that assumes no codebreaking paradigm shifts or what have you.

> Assume best means most secure even at

the sacrifice of performance. Thanks!

If you're going to use 4096 bit keys, you may want to move away from md5 as a hashing algorithm, since it has been shown to have some measure of weakness. You might look at SHA256, SHA512, or something like whirlpool. I'm not an expert, however, and I'm not sure how proven whirlpool really is (or about the measure of support of these hashes in ssh).

/djb


--
:wq

<Prev in Thread]	Current Thread	[Next in Thread>
Security Practices, David Busby Re: Security Practices, Nigel Stepp <= RE: Security Practices, Bryan McAninch RE: Security Practices, Bryan McAninch RE: Security Practices, List Account RE: Security Practices, Mark Senior RE: Security Practices, Mark Senior

Previous by Date:	RE: x11 forwarding problems, Foster, Dale
Next by Date:	RE: Security Practices, Mark Senior
Previous by Thread:	Security Practices, David Busby
Next by Thread:	RE: Security Practices, Bryan McAninch
Indexes:	[Date] [Thread] [Top] [All Lists]