[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951848#comment-16951848 ] Lyor Goldstein commented on SSHD-946: - Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that the padding should not take into account the length field (4 bytes) when encrypt-then-MAC mode is used. > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951078#comment-16951078 ] Lyor Goldstein commented on SSHD-946: - Thanks for the extra documentation - I will look it over. I already have some initial code, but have come across some problems when I try to interact with {{OpenSSH}} servers that seem to support the encrypt-then-MAC mode. Don't know how long it will take me to try and sort out the issues since I foresee being rather busy in the near future. If you want to try and give it a go then clone https://github.com/lgoldstein/mina-sshd/tree/SSHD-946... > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16950988#comment-16950988 ] Cornelis Hoeflake commented on SSHD-946: Hi, Sorry for my late reply! Thanks for adding the OpenSSH link. Personally I'm not a security expert and could not find any useful documentation. For TLS there is RFC-7366, but I don't know if that helps and if there are any similarities between the specs. Please see: [https://tools.ietf.org/html/rfc7366]. > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Assignee: Lyor Goldstein >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode
[ https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16942079#comment-16942079 ] Lyor Goldstein commented on SSHD-946: - The current implementation adheres to existing SSH standards. If you can provide documentation for an SSH +standard+ that implements _encrypt-then-mac_ and is also supported by other servers (especially {{OpenSSH}}) I would be glad to look into it. > Supporting 'encrypt-then-MAC' mode > -- > > Key: SSHD-946 > URL: https://issues.apache.org/jira/browse/SSHD-946 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Cornelis Hoeflake >Priority: Major > > Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is > it possible to change this (or at least made it possible) to > 'encrypt-*then*-MAC'? > Please see also: > [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac] -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org