[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode

2019-10-15 Thread Lyor Goldstein (Jira) 


[ 
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951848#comment-16951848
 ] 

Lyor Goldstein commented on SSHD-946:
-

Succeeded - the (un-documented ?) behavior compatible with {{OpenSSH}} is that 
the padding should not take into account the length field (4 bytes) when 
encrypt-then-MAC mode is used.

> Supporting 'encrypt-then-MAC' mode
> --
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
>  Issue Type: New Feature
>Reporter: Cornelis Hoeflake
>Assignee: Lyor Goldstein
>Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is 
> it possible to change this (or at least made it possible) to 
> 'encrypt-*then*-MAC'?
> Please see also: 
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode

2019-10-14 Thread Lyor Goldstein (Jira) 


[ 
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16951078#comment-16951078
 ] 

Lyor Goldstein commented on SSHD-946:
-

Thanks for the extra documentation - I will look it over. I already have some 
initial code, but have come across some problems when I try to interact with 
{{OpenSSH}} servers that seem to support the encrypt-then-MAC mode. Don't know 
how long it will take me to try and sort out the issues since I foresee being 
rather busy in the near future. If you want to try and give it a go then clone 
https://github.com/lgoldstein/mina-sshd/tree/SSHD-946...

> Supporting 'encrypt-then-MAC' mode
> --
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
>  Issue Type: New Feature
>Reporter: Cornelis Hoeflake
>Assignee: Lyor Goldstein
>Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is 
> it possible to change this (or at least made it possible) to 
> 'encrypt-*then*-MAC'?
> Please see also: 
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode

2019-10-14 Thread Cornelis Hoeflake (Jira) 


[ 
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16950988#comment-16950988
 ] 

Cornelis Hoeflake commented on SSHD-946:


Hi, Sorry for my late reply! Thanks for adding the OpenSSH link. Personally I'm 
not a security expert and could not find any useful documentation.

For TLS there is RFC-7366, but I don't know if that helps and if there are any 
similarities between the specs. Please see: 
[https://tools.ietf.org/html/rfc7366]. 

> Supporting 'encrypt-then-MAC' mode
> --
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
>  Issue Type: New Feature
>Reporter: Cornelis Hoeflake
>Assignee: Lyor Goldstein
>Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is 
> it possible to change this (or at least made it possible) to 
> 'encrypt-*then*-MAC'?
> Please see also: 
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Commented] (SSHD-946) Supporting 'encrypt-then-MAC' mode

2019-10-01 Thread Lyor Goldstein (Jira) 


[ 
https://issues.apache.org/jira/browse/SSHD-946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16942079#comment-16942079
 ] 

Lyor Goldstein commented on SSHD-946:
-

The current implementation adheres to existing SSH standards. If you can 
provide documentation for an SSH +standard+ that implements _encrypt-then-mac_ 
and is also supported by other servers (especially {{OpenSSH}}) I would be glad 
to look into it.

> Supporting 'encrypt-then-MAC' mode
> --
>
> Key: SSHD-946
> URL: https://issues.apache.org/jira/browse/SSHD-946
> Project: MINA SSHD
>  Issue Type: New Feature
>Reporter: Cornelis Hoeflake
>Priority: Major
>
> Hi, the current implementation uses by default '**encrypt-*and*-MAC' mode. Is 
> it possible to change this (or at least made it possible) to 
> 'encrypt-*then*-MAC'?
> Please see also: 
> [https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org