[jira] [Assigned] (SSHD-948) Do not accept password authentication if the session is not encrypted
[ https://issues.apache.org/jira/browse/SSHD-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein reassigned SSHD-948: --- Assignee: Lyor Goldstein > Do not accept password authentication if the session is not encrypted > - > > Key: SSHD-948 > URL: https://issues.apache.org/jira/browse/SSHD-948 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 2.3.0 >Reporter: Lyor Goldstein >Assignee: Lyor Goldstein >Priority: Minor > > According to RFC4252 section 8: > {quote} >Both the server and the client should check whether the underlying >transport layer provides confidentiality (i.e., if encryption is >being used). If no confidentiality is provided ("none" cipher), >password authentication SHOULD be disabled. If there is no >confidentiality or no MAC, password change SHOULD be disabled. > {quote} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work started] (SSHD-948) Do not accept password authentication if the session is not encrypted
[ https://issues.apache.org/jira/browse/SSHD-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on SSHD-948 started by Lyor Goldstein. --- > Do not accept password authentication if the session is not encrypted > - > > Key: SSHD-948 > URL: https://issues.apache.org/jira/browse/SSHD-948 > Project: MINA SSHD > Issue Type: Improvement >Affects Versions: 2.3.0 >Reporter: Lyor Goldstein >Assignee: Lyor Goldstein >Priority: Minor > > According to RFC4252 section 8: > {quote} >Both the server and the client should check whether the underlying >transport layer provides confidentiality (i.e., if encryption is >being used). If no confidentiality is provided ("none" cipher), >password authentication SHOULD be disabled. If there is no >confidentiality or no MAC, password change SHOULD be disabled. > {quote} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951882#comment-16951882 ] Lyor Goldstein edited comment on SSHD-506 at 10/15/19 12:55 PM: * My understanding of the RFC is that the _AAD_ value to use for the cipher is the packet length. * The problem seems to be with {quote} The authentication tag produced by AES-GCM authenticated encryption will be placed in the MAC field at the end of the secure shell binary packet. {quote} Not sure how to make sure this is done by the current Java code was (Author: lgoldstein): My understanding of the RFC is that the _AAD_ value to use for the cipher is the packet length. > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher > * [OpenJDK 8 AESCipher.java source > code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] > ** See also > [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], > > [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], > > [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein updated SSHD-506: Description: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java] was: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java] > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher > * [OpenJDK 8 AESCipher.java source > code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] > ** See also > [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], > > [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], > > [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein updated SSHD-506: Description: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java] was: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java] > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher > * [OpenJDK 8 AESCipher.java source > code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] > ** See also > [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], > > [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein updated SSHD-506: Description: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] ** See also [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java] was: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher > * [OpenJDK 8 AESCipher.java source > code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] > ** See also > [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein updated SSHD-506: Description: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher * [OpenJDK 8 AESCipher.java source code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] was: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher > * [OpenJDK 8 AESCipher.java source > code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951882#comment-16951882 ] Lyor Goldstein commented on SSHD-506: - My understanding of the RFC is that the _AAD_ value to use for the cipher is the packet length. > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lyor Goldstein updated SSHD-506: Description: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] * [JAVA AES 256 GCM encrypt/decrypt example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] - especially the usage of {{GCMParameterSpec}} to initialize the cipher was: See: * [rfc5647|https://tools.ietf.org/html/rfc5647] * [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > Add support for aes128/256-gcm ciphers > -- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement >Reporter: Lyor Goldstein >Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951848#comment-16951848 ] Lyor Goldstein edited comment on SSHD-946 at 10/15/19 11:30 AM: Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that the padding should not take into account the length field (4 bytes) when encrypt-then-MAC mode is used. Inferred by looking at the _C_ code: {code:c} aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; block_size = enc ? enc->block_size : 8; if (aadlen) { /* only the payload is encrypted */ need = state->packlen; } else { /* * the payload size and the payload are encrypted, but we * have a partial packet of block_size bytes */ need = 4 + state->packlen - block_size; } if (need % block_size != 0) { logit("padding error: need %d block %d mod %d", need, block_size, need % block_size); return ssh_packet_start_discard(ssh, enc, mac, 0, PACKET_MAX_SIZE - block_size); } {code} was (Author: lgoldstein): Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that the padding should not take into account the length field (4 bytes) when encrypt-then-MAC mode is used. > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951848#comment-16951848 ] Lyor Goldstein commented on SSHD-946: - Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that the padding should not take into account the length field (4 bytes) when encrypt-then-MAC mode is used. > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work started] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on SSHD-946 started by Lyor Goldstein. --- > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org