olamy commented on PR #591:
URL: https://github.com/apache/mina-sshd/pull/591#issuecomment-2325455038
> > this one ^ is still needed because we want to use BCFIPS.
>
> Right.
>
> However, for FIPS mode I think we may have another problem: we use our own
ChaCha20-Poly1305 implementation, and we use the bcyrypt KDF for encrypted
OpenSSH "new format" keys.
>
right as far as I understand ` ChaCha20-Poly1305` is not FIPS compliant.
Regarding `OpenSSH "new format" keys`, I'm not quite sure.
> Probably we should have a way to disable those if you want to run in FIPS
mode?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
