
RE: Security Practices

Subject: RE: Security Practices
Date: Tue, 17 May 2005 14:38:45 -0400


-----Original Message-----
From: David Busby [mailto:busby@edoceo.com] 
Sent: Tuesday, May 17, 2005 1:28 AM
To: secureshell@securityfocus.com
Subject: Security Practices


List,
  I'm trying to get my sshd setup as secure as possible; some folks I
know want to send financial data over this.  Right now I've got 2048-bit
RSA keys, aes256-cbc cipher (only), but all the MACs.  I'm thinking that
I'll make my key 4096 bits to add some security.  Which cipher is the
best?  I picked AES256 cause I believe AES to be the best, 256 was the
largest.  What is the difference between CBC and CTR?  MAC of hmac-md5
is the best choice there correct?  Assume best means most secure even at
the sacrifice of performance.  Thanks!

imperium bin # ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
imperium bin # uname -a
Linux imperium 2.6.10-gentoo-r6-edoceo #4 Sun May 1 03:48:25 PDT 2005 
i686 AMD Athlon(TM) XP 1700+ AuthenticAMD GNU/Linux

/djb


What cipher is the best? Best is a relative term so I won't answer that.
According to http://csrc.nist.gov/cryptval/des.htm, AES is the FIPS-Approved
symmetric encryption algorithm of choice. In choosing the mode, cipher block
chaining mode is a block cipher and ctr is a stream cipher. Do some research
into these, as I can't answer what the specific (practical) differences are
without a lengthy email. Your assumption on MAC is correct.

My 2 cents,
Nathan Grandbois
Cerdant, Inc.
614.717.0123 ext. 26 
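The CBC-versus-CTR question in the thread is answered only with a pointer, so what follows is an added Python illustration, not OpenSSH code and not from either poster. The block cipher is a constructed 4-round Feistel permutation standing in for AES (it has no security claim of its own), and the key, IV and message bytes are made-up demo values. It shows the structural difference the reply alludes to: CBC chains each ciphertext block into the next plaintext block and therefore needs padding, while CTR turns the block cipher into a keystream generator that works on any length. It also shows why the choice of mode does not remove the need for a MAC: flipping one ciphertext bit garbles a whole block plus one byte under CBC and exactly one byte under CTR, and in neither case does decryption notice. The MAC step is generic encrypt-then-MAC with HMAC-SHA-256, not the SSH transport's own framing.

```python
"""CBC vs CTR with a toy block cipher, and why a MAC is still needed.

Added illustration; NOT OpenSSH code.  The block cipher below is a
constructed stand-in for AES with no security claim.
"""
import hashlib
import hmac

BLOCK = 16   # block size in bytes, same as AES
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    # XOR up to the length of the shorter input (handles a short last chunk).
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    # Feistel round function: keyed hash of one half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed AES stand-in: a Feistel permutation, so it is invertible."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, right, rnd))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, left, rnd)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: plaintext block XOR previous ciphertext block -> cipher.
    # Needs a whole number of blocks, hence padding.
    padded = pkcs7_pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, cur), prev))
        prev = cur
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR: encrypt nonce||counter to get keystream, XOR it with the data.
    # Any length works and encrypt == decrypt (a stream-cipher mode).
    out = []
    for i in range(0, len(data), BLOCK):
        counter_block = nonce + (i // BLOCK).to_bytes(BLOCK // 2, "big")
        out.append(_xor(data[i:i + BLOCK], toy_block_encrypt(key, counter_block)))
    return b"".join(out)


def corrupted_positions(mode: str, key: bytes, iv: bytes, plaintext: bytes) -> list:
    """Flip one bit of ciphertext byte 0; return plaintext indices that change."""
    if mode == "cbc":
        ct = cbc_encrypt(key, iv, plaintext)
        recovered = cbc_decrypt(key, iv, bytes([ct[0] ^ 1]) + ct[1:])
    else:
        nonce = iv[:BLOCK // 2]
        ct = ctr_crypt(key, nonce, plaintext)
        recovered = ctr_crypt(key, nonce, bytes([ct[0] ^ 1]) + ct[1:])
    return [i for i, (a, b) in enumerate(zip(plaintext, recovered)) if a != b]


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers nonce and ciphertext.
    ct = ctr_crypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes):
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # tampering detected, nothing is decrypted
    return ctr_crypt(enc_key, nonce, ct)


if __name__ == "__main__":
    key, iv = b"\x11" * 16, b"\x22" * 16          # constructed demo values
    msg = b"wire transfer 1234567 to account 99"  # 35 bytes, not block-aligned
    print("CBC ciphertext length:", len(cbc_encrypt(key, iv, msg)))   # 48 (padded)
    print("CTR ciphertext length:", len(ctr_crypt(key, iv[:8], msg)))  # 35
    print("CTR bytes changed by a 1-bit flip:", corrupted_positions("ctr", key, iv, bytes(range(48))))
    print("CBC bytes changed by a 1-bit flip:", corrupted_positions("cbc", key, iv, bytes(range(48))))
```

Two caveats the demo makes visible. The CBC run shows the error pattern that padding-oracle and bit-flipping attacks build on, and the CTR run shows that a stream mode is trivially malleable, so in both cases the integrity check has to come from the MAC, which is the part of the configuration the original question treats as an afterthought. Second, CTR's security rests on the nonce/counter never repeating under one key; a repeated counter block gives two messages the same keystream, which is the classic stream-cipher failure, so a deployment must be sure of its nonce handling before preferring CTR for its other properties.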

