On Wed, Jan 12, 2005 at 04:19:55PM -0500, Dean Anderson <[EMAIL PROTECTED]> is thought to have said:
> I don't think we have any genuine encryption experts, so its hard to say > which is really better. 3des is still used by banks. If I recall, > Blowfish (or perhaps its IDEA or both) is patented. Although, now that > you bring up the point, it is kind of funny that AES isn't in the list for > ssh.... Sure it is. It depends on if your underlying encryption libs support it though. On Fedora Core 3 for example: > openssl version OpenSSL 0.9.7a Feb 19 2003 > openssl ciphers DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5 And snipped from a ssh -v session: debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none Wikipedia has some decent descriptions of various ciphers if you're interested: http://en.wikipedia.org/wiki/Blowfish_(cipher) http://en.wikipedia.org/wiki/DES http://en.wikipedia.org/wiki/Triple_DES http://en.wikipedia.org/wiki/Advanced_Encryption_Standard` -- -------------------------------------------------------------------- Tabor J. Wells [EMAIL PROTECTED] Fsck It! Just another victim of the ambient morality _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
