Re: [JSch-users] AES ciphers on Jsch (was: JSch on Vmware ESX 3.0)

Wed, 15 Aug 2007 23:31:28 -0700 

Hi,

I'm sorry for my delay of replying to you.  
# I have been on the vacation and will not be able to make 
# responses promptly until the end of next week.

   +-From: "Oberhuber, Martin" <[EMAIL PROTECTED]> --
   |_Date: Tue, 14 Aug 2007 16:20:42 +0200 _______________________
   |
   |Based on these thoughts, I'd think that the default
   |values should be as follows:
   |"ciphers.s2c" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
   |"ciphers.c2s" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
   |"CheckCiphers" "aes256-cbc,aes192-cbc,aes128-cbc"
   ... 
   |I think the problem if it's not the way I'm proposing is,
   |that if I write my application today and I want to make
   |use of aes192-cbc and aes256-cbc, I need to manually 
   |override the config today; but if I do so, my application
   |cannot benefit from future addition of ciphers, because
   |I'm manually overriding the config already.

I don't have strong counterarguments about ciphers, which should be checked.
As I wrote in the previous message, AES 256/192 key will not be available
on Sun's JRE(and also IBM's JRE?) by the default, and almost of all users
can not use them, so I had drooped them from "CheckCiphers".  Ok, now
I don't hasitate to check them in the next release by the default.

So,the default values will be as follows, 
  "ciphers.s2c" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
  "ciphers.c2s" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
  "CheckCiphers" "aes256-cbc,aes192-cbc,aes128-cbc"
as you have suggested.  Thank you for your suggestion.


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
    +1-415-578-3454
Fax +81-22-224-8773
Skype callto://jcraft/

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Reply via email to