Daniel Kalchev wrote this message on Wed, Nov 11, 2015 at 17:49 +0200:
> It is my understanding, that using the NONE cypher is not identical to using 
> ???the old tools??? (rsh/rlogin/rcp).
> When ssh uses the NONE cypher, credentials and authorization are still 
> encrypted and verified. Only the actual data payload is not encrypted.

Except the point is that you ALREADY trust your network, so you don't
need to encrypt the credentials and authorizations, otherwise, why are
you running unencrypted payloads?

In fact, if you aren't running at least a MAC, or a final verify, and
you're transfering large amounts of data (multiple gigabytes), the data
can and will likely be corrupted...


Having not used the NONE cipher, I don't know if the MAC is also
removed or not...  Either way, the MAC is still the long poll when
it comes to encryption w/ AES-NI...

  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to