
| Subject: | RE: Security Practices |
|---|---|
| Date: | Tue, 17 May 2005 12:24:39 -0500 |

In cipher-block chaining (CBC) mode, each block of plaintext is XOR'd with the previous ciphertext block before being encrypted. Thus, up to that point, each subsequent ciphertext block is dependent upon all previous plaintext blocks. Conversely, counter (CTR) mode turns a block cipher into a stream cipher. It generates the subsequent keystream block by encrypting successive values of what is referred to as a counter.

Which mode is more 'appropriate' for your situation is dependent on your needs - generally speaking, I'd suggest using CBC.

Use HMACs instead of MACs. HMACs are more secure since they are signed with a shared secret key. Also, if you can use SHA instead of MD5, that would be more secure as well.

If possible, use RSA 4096 keys, and AES-256 in CBC mode paired with SHA-1/256/384/512 HMACs. If someone breaks that, find a new job - it's not worth your time and frustration to continue working in the infosec industry. :)

-----Original Message-----
From: David Busby [mailto:busby@edoceo.com]
Sent: Tuesday, May 17, 2005 12:28 AM
To: secureshell@securityfocus.com
Subject: Security Practices

List,

I'm trying to get my sshd setup as secure as possible; some folks I know want to send financial data over this. Right now I've got 2048-bit RSA keys, aes256-cbc cipher (only), but all the MACs. I'm thinking that I'll make my key 4096 bits to add some security.

Which cipher is the best? I picked AES256 because I believe AES to be the best; 256 was the largest. What is the difference between CBC and CTR? MAC of hmac-md5 is the best choice there, correct? Assume best means most secure even at the sacrifice of performance.

Thanks!

imperium bin # ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
imperium bin # uname -a
Linux imperium 2.6.10-gentoo-r6-edoceo #4 Sun May 1 03:48:25 PDT 2005 i686 AMD Athlon(TM) XP 1700+ AuthenticAMD GNU/Linux

/djb
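
The CBC chaining and CTR keystream behaviour described in the reply above, as an added example that is not part of the original message. It assumes a toy 4-round Feistel block cipher (toy_encrypt_block, a hypothetical stand-in for AES that is not secure) so that it runs with the Python standard library alone; all keys, IVs and plaintexts are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (same as AES)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    # Assumption: a 4-round Feistel network stands in for AES so the example
    # needs no third-party library. It is a keyed permutation, NOT a secure cipher.
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # CBC: C_i = E(P_i XOR C_{i-1}), with C_0 = IV.
    assert len(plaintext) % BLOCK == 0, "example omits padding"
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    # CTR: C_i = P_i XOR E(nonce || i). The same call encrypts and decrypts.
    out = []
    for n, i in enumerate(range(0, len(data), BLOCK)):
        keystream = toy_encrypt_block(key, nonce + n.to_bytes(8, "big"))
        out.append(_xor(data[i:i + BLOCK], keystream))
    return b"".join(out)

def changed_blocks(a, b):
    # Indices of the 16-byte blocks in which two ciphertexts differ.
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]

def compare_modes():
    # Constructed inputs. IV and nonce are fixed only to make the comparison
    # repeatable; real use needs a fresh IV/nonce for every message.
    key, iv, nonce = b"k" * 32, bytes(16), bytes(8)
    p1 = b"A" * 64            # four blocks
    p2 = b"B" + p1[1:]        # differs from p1 in the first byte only
    cbc = changed_blocks(cbc_encrypt(key, iv, p1), cbc_encrypt(key, iv, p2))
    ctr = changed_blocks(ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2))
    return cbc, ctr

if __name__ == "__main__":
    print(compare_modes())
```

A one-byte change in the first plaintext block alters every CBC ciphertext block after it, while in CTR only the block holding that byte changes.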