[jira] [Assigned] (SSHD-948) Do not accept password authentication if the session is not encrypted
[
https://issues.apache.org/jira/browse/SSHD-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein reassigned SSHD-948:
---
Assignee: Lyor Goldstein
> Do not accept password authentication if the session is not encrypted
> -
>
> Key: SSHD-948
> URL: https://issues.apache.org/jira/browse/SSHD-948
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
>Reporter: Lyor Goldstein
>Assignee: Lyor Goldstein
>Priority: Minor
>
> According to RFC4252 section 8:
> {quote}
>Both the server and the client should check whether the underlying
>transport layer provides confidentiality (i.e., if encryption is
>being used). If no confidentiality is provided ("none" cipher),
>password authentication SHOULD be disabled. If there is no
>confidentiality or no MAC, password change SHOULD be disabled.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work started] (SSHD-948) Do not accept password authentication if the session is not encrypted
[
https://issues.apache.org/jira/browse/SSHD-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on SSHD-948 started by Lyor Goldstein.
---
> Do not accept password authentication if the session is not encrypted
> -
>
> Key: SSHD-948
> URL: https://issues.apache.org/jira/browse/SSHD-948
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.3.0
>Reporter: Lyor Goldstein
>Assignee: Lyor Goldstein
>Priority: Minor
>
> According to RFC4252 section 8:
> {quote}
>Both the server and the client should check whether the underlying
>transport layer provides confidentiality (i.e., if encryption is
>being used). If no confidentiality is provided ("none" cipher),
>password authentication SHOULD be disabled. If there is no
>confidentiality or no MAC, password change SHOULD be disabled.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951882#comment-16951882
]
Lyor Goldstein edited comment on SSHD-506 at 10/15/19 12:55 PM:
* My understanding of the RFC is that the _AAD_ value to use for the cipher is
the packet length.
* The problem seems to be with
{quote}
The authentication tag produced by AES-GCM authenticated encryption will be
placed in the MAC field at the end of the secure shell binary packet.
{quote}
Not sure how to make sure this is done by the current Java code
was (Author: lgoldstein):
My understanding of the RFC is that the _AAD_ value to use for the cipher is
the packet length.
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source
> code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also
> [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
>
> [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java],
>
> [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein updated SSHD-506:
Description:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
** See also
[CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
[FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java],
[GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]
was:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
** See also
[CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
[FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java]
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source
> code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also
> [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
>
> [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java],
>
> [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein updated SSHD-506:
Description:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
** See also
[CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
[FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java]
was:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
** See also
[CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java]
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source
> code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also
> [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
>
> [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein updated SSHD-506:
Description:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
** See also
[CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java]
was:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source
> code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also
> [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein updated SSHD-506:
Description:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
* [OpenJDK 8 AESCipher.java source
code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
was:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source
> code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951882#comment-16951882
]
Lyor Goldstein commented on SSHD-506:
-
My understanding of the RFC is that the _AAD_ value to use for the cipher is
the packet length.
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-506) Add support for aes128/256-gcm ciphers
[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lyor Goldstein updated SSHD-506:
Description:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
* [JAVA AES 256 GCM encrypt/decrypt
example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
- especially the usage of {{GCMParameterSpec}} to initialize the cipher
was:
See:
* [rfc5647|https://tools.ietf.org/html/rfc5647]
*
[draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
* [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> Add support for aes128/256-gcm ciphers
> --
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
>Reporter: Lyor Goldstein
>Priority: Minor
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Comment Edited] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951848#comment-16951848
]
Lyor Goldstein edited comment on SSHD-946 at 10/15/19 11:30 AM:
Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that
the padding should not take into account the length field (4 bytes) when
encrypt-then-MAC mode is used. Inferred by looking at the _C_ code:
{code:c}
aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
block_size = enc ? enc->block_size : 8;
if (aadlen) {
/* only the payload is encrypted */
need = state->packlen;
} else {
/*
* the payload size and the payload are encrypted, but we
* have a partial packet of block_size bytes
*/
need = 4 + state->packlen - block_size;
}
if (need % block_size != 0) {
logit("padding error: need %d block %d mod %d",
need, block_size, need % block_size);
return ssh_packet_start_discard(ssh, enc, mac, 0,
PACKET_MAX_SIZE - block_size);
}
{code}
was (Author: lgoldstein):
Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that
the padding should not take into account the length field (4 bytes) when
encrypt-then-MAC mode is used.
> Supporting 'encrypt-then-MAC' mode
> --
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
> Issue Type: New Feature
>Reporter: Cornelis Hoeflake
>Assignee: Lyor Goldstein
>Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is
> it possible to change this (or at least made it possible) to
> 'encrypt-*then*-MAC'?
> Please see also:
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951848#comment-16951848
]
Lyor Goldstein commented on SSHD-946:
-
Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that
the padding should not take into account the length field (4 bytes) when
encrypt-then-MAC mode is used.
> Supporting 'encrypt-then-MAC' mode
> --
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
> Issue Type: New Feature
>Reporter: Cornelis Hoeflake
>Assignee: Lyor Goldstein
>Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is
> it possible to change this (or at least made it possible) to
> 'encrypt-*then*-MAC'?
> Please see also:
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work started] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on SSHD-946 started by Lyor Goldstein. --- > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
