Re: SSL cipher mode

Mon, 22 Aug 2011 14:11:28 -0700

Just as an FYI my collegue and I developed an AES-CTR mode cipher for OpenSSH a while ago. There was some discussion about it here a few years ago. Anyway, if you would like to see the process we used you can get the multithreaded AES-CTR mode cipher from http://www.psc.edu/networking/projects/hpn-ssh
I'd love to see what you come up with as I do believe there is room for improvement in what we did as in we never built a method for modifying the number of threads and it breaks if ssh forks to the background before authentication. 


If you come up with anything or want to ask some question email me as I 
don't audit this list very often.


Chris Rapier
PSC/XSEDE


rigoo wrote:

Well, I assume that the standard will become available in future.  
As part of my research I want to make it to run in parallel, for cbc mode

only the decryption can be run in parallel, but for ctr both encryption and

decryption. 
I am thinking to use a benchmarking tool like httperf, since it uses openssl

library, then I should be able to customize the standard for both client and

the server. Does this make sense to you? 

 
  


Dr. Stephen Henson wrote:


On Thu, Aug 04, 2011, wrote:



Hi,
I want to make apache to use aes cipher for encryption in ctr mode (by
default it is cbc mode). Cipher mode for aes is not specified in the
cipher
list. I know the mode is not being chosen in the "hello" process, but do
you
know when client and the server settle on the cipher mode they are about
to
use? If I know that I can hard code the settings to make apache use the
ctr
mode.


Since no standards exist which use AES and CTR mode you can't actually do
this
without violating the standards ciphersuites or introducing a non-standard
experimental ciphersuite.

So the question is why do you want to do that?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org






______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to