Re: [JSch-users] AES ciphers on Jsch (was: JSch on Vmware ESX 3.0)

Thu, 09 Aug 2007 19:41:25 -0700 

Hi,

   +-From: [EMAIL PROTECTED] (Atsuhiko Yamanaka) --
   |_Date: Fri, 3 Aug 2007 10:50:44 +0900 _______
   |
   |If you and others have strong and reasonable counter arguments or 
   |suggestions, it may be checked in jsch.

After investigations on these days, I have decided to enable AES cipher
in the next release if it is available.  It seems AES is lighter that 3des
and it will be worth waisting CPU time to check its availability.
For example, I have founded that sftp transfer rates will been increased
by just switching from 3des-cbc to aes128-cbc.

The next version will have the property "CheckCiphers" and you can check
ciphers as follows,

      java.util.Hashtable config=new java.util.Hashtable();
      config.put("cipher.s2c",    // ciphers for the downward stream
                 "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc");
      config.put("cipher.c2s",    // ciphers for the upward stream 
                 "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc");
      config.put("CheckCiphers", "aes256-cbc,aes192-cbc,aes128-cbc");
      session.setConfig(config);

If some of ciphers specified by "CheckCiphers" are not available,
they will be stripped from "cipher.s2c" and "cipher.c2s".  

The default value for those properties in the next release will be as follows,

      config.put("cipher.s2c",  "aes128-cbc,3des-cbc,blowfish-cbc");
      config.put("cipher.c2s",  "aes128-cbc,3des-cbc,blowfish-cbc");
      config.put("CheckCiphers", "aes128-cbc");

So, just updating jsch version, "aes128-cbc" will be chosen 
if AES 128-bit key is available. 

If you have confirmed the availability of AES support on your environment
and you want to skip such a check, you need to re-set "CheckCiphers" as 
follows,

      config.put("CheckCiphers", "");

FYI, it seems that the GCJ included in Fedora has supported AES 256-bit key,
because it has been using BouncyCastle's JCE provider.


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
    +1-415-578-3454
Fax +81-22-224-8773
Skype callto://jcraft/

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Reply via email to