On 22/06/11 19:33, Ray Dillinger wrote:
> Agreed. In light of RC4's vulnerability to replay attacks
> (explained in the context of SSH at
> https://www.kb.cert.org/vuls/id/565052 )

I think that refers to the way RC4 was used by SSHv1, and the advisory states that OpenSSH was not vulnerable at the time (only the commercial SSH product was).

My concern was that 'arcfour' and 'arcfour128' are crucially different but the sshd_config(5) man page doesn't explain this when it gives a list of available ciphers. Both options use the same key length, but the former mode leaks information about the key. So, I nearly enabled the wrong one.

The Debian default configuration seems okay; it would allow a client to use a stronger cipher than RC4 or DES if they support it.

> Do we have any idea how much trouble it would cause for these
> deprecated insecure ciphers to be completely disabled?

Some may want to use arcfour128 in preference to AES because on some hardware it is less CPU-intensive, and hence faster if doing something like backups or rsync over a high-speed LAN.

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
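
The difference between the two cipher names discussed in the message above, as an added example that is not part of the original message or of OpenSSH: per RFC 4345, 'arcfour128' is RC4 with the first 1536 keystream bytes discarded, while plain 'arcfour' uses the keystream from its first byte. The helper names and the sample key and payload are constructed for illustration.

```python
# Added illustration, not code from the original message or from OpenSSH.
# RFC 4345: "arcfour128" is RC4 with the first 1536 keystream bytes discarded.
# Plain "arcfour" uses the keystream from byte 0, and RC4's early output bytes
# are the ones known to be correlated with the key.
from itertools import islice

DISCARD = 1536  # keystream bytes dropped by arcfour128 (RFC 4345)

def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key` (key scheduling, then generation)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                               # pseudo-random generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]

def keystream(cipher: str, key: bytes, n: int) -> bytes:
    """First n keystream bytes as the named SSH cipher would consume them."""
    skip = {"arcfour": 0, "arcfour128": DISCARD}[cipher]
    return bytes(islice(rc4_keystream(key), skip, skip + n))

def encrypt(cipher: str, key: bytes, data: bytes) -> bytes:
    """XOR data with the cipher's keystream (the same call decrypts)."""
    ks = keystream(cipher, key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

if __name__ == "__main__":
    key = bytes(range(16))                    # constructed 128-bit sample key
    msg = b"constructed sample payload"       # constructed sample plaintext
    for name in ("arcfour", "arcfour128"):
        print(f"{name:11s} {encrypt(name, key, msg).hex()}")
```

Both names take the same 128-bit key, which is why the cipher list alone does not reveal the difference; only the starting offset into the keystream changes.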