On Mon, 14 Jan 2008 15:22:35 +0100 (CET) Jan Pechanec <[EMAIL PROTECTED]> wrote:
> On Mon, 14 Jan 2008, Ken Gunderson wrote: > > hi Ken, > > >$ ssh -V > >OpenSSH_4.3, OpenSSL 0.9.7g 11 Apr 2005 > >$ uname -rs > >OpenBSD 3.9 > > > >and aes256 is still supported. So Sun has apparently w/held some of the > >strong crypto stuff. I'll leave the rest up to the conspiracy > >theorists... > > I would just like to say again that anything else is easier to > attack than aes128 (and so far it looks like this might be true for several > tens of years to come) so technically there is no reason to use aes256 for > session keys aside from the fact that it might "look better" to users that > don't understand the difference between aes128 and aes256 in real life. > > yes, I absolutely agree that there is no reason why not allow it and > we will definitely add it there back but if it's the only issue why not to > run SunSSH than I don't think it's a good one. The reason why it's not there > now was explained by Casper. And I can confirm that there is no check > whether SUNWcry package is present (OpenSSL has it), aes256 was just > removed, I suspect that the reason was the one I explained above. Jan: Thanks for all your clarifications. I don't know history of relationship between Sun and OpenSSH, but basically they did not want to accept your code so you had to fork? Any quick explanations as to why, e.g. technical or political reasons? -- Best regards, Ken Gunderson Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? _______________________________________________ opensolaris-discuss mailing list [email protected]
