Re: aes-ctr vs aes-cbc
Mark,

I was just at SHARE, and was talking to Greg Boyd from IBM. He told me about your topic on IBM-MAIN (this is the first time I've been on here). I'm also interested in getting the AES CTR cipher support added to ICSF. Please let me know how I can get my name added to the list! I discussed my requirements with the IBM developer (Steven?) who was in Greg's last Crypto session; but being part of an official request would probably be better.

Thanks.

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: aes-ctr vs aes-cbc
On 03/17/14 15:11, Don Brooke wrote:
> Mark,
>
> I was just at SHARE, and was talking to Greg Boyd from IBM. He told me about your topic on IBM-MAIN (this is the first time I've been on here). I'm also interested in getting the AES CTR cipher support added to ICSF. Please let me know how I can get my name added to the list! I discussed my requirements with the IBM developer (Steven?) who was in Greg's last Crypto session; but being part of an official request would probably be better.
>
> Thanks.

Sure, glad for any additional voices to be added to the chorus. IBM entered two marketing requirements for this enhancement request MR0310145254 and MR031114402.

MR0310145254: Provide support for CTR mode for AES algorithm. (ICSF)
MR031114402: Ported Tools OpenSSH should provide support for CTR mode for AES algorithm.

--
Mark Jacobs
Time Customer Service
Tampa, FL

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5
Re: aes-ctr vs aes-cbc
I've asked our Account team to add us to the interested parties list of the MR's

Jerry Whitteridge
Lead Systems Programmer
Safeway Inc.
925 951 4184

If you feel in control you just aren't going fast enough.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Jacobs
Sent: Monday, March 17, 2014 12:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: aes-ctr vs aes-cbc

On 03/17/14 15:11, Don Brooke wrote:
> Mark,
>
> I was just at SHARE, and was talking to Greg Boyd from IBM. He told me about your topic on IBM-MAIN (this is the first time I've been on here). I'm also interested in getting the AES CTR cipher support added to ICSF. Please let me know how I can get my name added to the list! I discussed my requirements with the IBM developer (Steven?) who was in Greg's last Crypto session; but being part of an official request would probably be better.
>
> Thanks.

Sure, glad for any additional voices to be added to the chorus. IBM entered two marketing requirements for this enhancement request MR0310145254 and MR031114402.

MR0310145254: Provide support for CTR mode for AES algorithm. (ICSF)
MR031114402: Ported Tools OpenSSH should provide support for CTR mode for AES algorithm.

--
Mark Jacobs
Time Customer Service
Tampa, FL

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5
Re: aes-ctr vs aes-cbc
Mark,

I was thinking about whether there are good temporary workarounds for your problem.

First attempt:

I was thinking that you could maybe use Match for the specific client host that needs it and then in sshd_config add aes_ctr to the Ciphers for that client and in zos_sshd_config change CiphersSource to any for that client. No go - neither one of those keywords are allowed in a Match block in sshd_config. Looking at the open source code, some things like key-exchange (which is where Ciphers are negotiated) happen pretty early, before Match blocks are available. Pity.

But it is straightforward to ask the client (assuming they have OpenSSH and most others) to put a Match block for your server in ssh_config and then add aesxxx-cbc to the Cipher (it is allowed there). aes-cbc is FIPS certified, but out of favor in ssh because of a potential vulnerability. z/OS OpenSSH doesn't suffer exposure, but some implementations do. Some shops are extra vigilant :-)

Second attempt:

As you have done, add the aes-ctr ciphers to your sshd_config Ciphers list (along with the ICSF supported ciphers); also change zos_sshd_config CiphersSource to any. This will solve your problem, since OpenSSL will be used for any Cipher (aes-ctr) that is not supported by ICSF. The problem is that you will probably end up using aes-ctr for *most* sessions into your server, since these are at the front of the default list for most client implementations. That will mean that you won't use ICSF for your sshd ciphers. Not great unless you have CPU cycles to burn :-)

So, the first approach is the best if you can coordinate it with your trouble client.

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

PS We have a new document available: IBM Ported Tools z/OS OpenSSH - Quick Start Guide, which covers setup and tuning of OpenSSH + ICSF crypto. It can be found on the main page of our web site.

On Mon, Mar 10, 2014 at 10:02 AM, Mark Jacobs mark.jac...@custserv.com wrote:
> We've been trying to migrate our ssh/sftp environment, for both our client and server users to only use FIPS-140-2 certified ciphers, and run ICSF in FIPS mode. We've had no problems doing so, except with one of our partners who states that their security policy will not allow their sftp server to accept data transmitted with any CBC cipher. I tried adding the aes-ctr ciphers to our allowed list, but it doesn't look like ICSF can handle it, which is needed for ICSF to execute in FIPS mode.
>
> It seems like I'm in an unresolvable problem from a technology standpoint, unless our partner changes their policy, which I don't understand why they don't allow FIPS-140-2 certified ciphers to be used.
>
> --
> Mark Jacobs
> Time Customer Service
> Tampa, FL
>
> The quiet ones are the ones that change the universe...
> The loud ones only take the credit.
>
> Londo Mollari - Babylon 5
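Why the second approach in the message above moves most sessions off ICSF, as an added example that is not code from the thread or from OpenSSH: SSH selects the first cipher on the client's list that the server also offers (RFC 4253, section 7.1). The cipher lists are constructed samples, and `icsfCiphers` is an assumed set of ICSF-capable ciphers based on the thread's statement that ICSF lacks CTR.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption: ciphers ICSF can run (CBC only, per the thread). Adjust for your ICSF level.
var icsfCiphers = map[string]bool{
	"aes128-cbc": true, "aes192-cbc": true, "aes256-cbc": true, "3des-cbc": true,
}

// negotiate applies the RFC 4253 section 7.1 rule: the first name on the
// client's list that also appears on the server's list is chosen.
func negotiate(clientList, serverList string) (string, bool) {
	offered := map[string]bool{}
	for _, c := range strings.Split(serverList, ",") {
		offered[strings.TrimSpace(c)] = true
	}
	for _, c := range strings.Split(clientList, ",") {
		if c = strings.TrimSpace(c); c != "" && offered[c] {
			return c, true
		}
	}
	return "", false
}

// provider reports which crypto source runs the negotiated cipher when the
// server has CiphersSource any: ICSF if it supports the cipher, else OpenSSL.
func provider(clientList, serverList string) string {
	c, ok := negotiate(clientList, serverList)
	switch {
	case !ok:
		return "no common cipher"
	case icsfCiphers[c]:
		return fmt.Sprintf("%s via ICSF", c)
	default:
		return fmt.Sprintf("%s via OpenSSL", c)
	}
}

func main() {
	server := "aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-cbc" // constructed sshd Ciphers list
	fmt.Println(provider("aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc", server)) // client that lists CTR first
	fmt.Println(provider("aes128-cbc,aes256-cbc,3des-cbc", server))                       // client pinned to CBC for this host
	fmt.Println(provider("aes128-ctr,aes256-ctr", "aes128-cbc,3des-cbc"))                 // CTR-only peer, CBC-only server
}
```

The last call is the situation in the original post: a CTR-only peer and a CBC-only (ICSF-only) cipher list share no cipher.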
Re: aes-ctr vs aes-cbc
I did request that IBM open up a DCR, MR0310145254 - Provide support for CTR mode for AES algorithm. With priority 'urgent'. The deadline for a response is 2014 Jun08. The more people that concur the better I'm assuming.

Mark Jacobs

On 03/10/14 18:48, Kirk Wolf wrote:
> Right. As I understand this was a potential vulnerability in *some* implementations. According to IBM, theirs does not, but some partners may have it disabled.
>
> IMO it is a good idea to submit your requirement to IBM to support AES CTR mode in ICSF. CTR mode also has the advantage of being able to multi-thread encryption of packets, since each packet can be encrypted in parallel.
>
> There is nothing missing from CPACF instructions that is needed - if you write directly to CPACF you can easily implement AES-CTR mode.
>
> Kirk Wolf
> Dovetailed Technologies
> http://dovetail.com
>
> On Mon, Mar 10, 2014 at 5:05 PM, Steve Finch sfi...@recoverypoint.com wrote:
>> Some shops do not allow aes-cbc because of the 'Padding Oracle Attack' problem, since AES-CBC uses padding. aes-ctr does not use padding.
>>
>> Also FIPS 140-2 was published in 2001 and last updated in 2002.
>>
>> Steve Finch
>> Recovery Point
>>
>> -----Original Message-----
>> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Jacobs
>> Sent: Monday, March 10, 2014 11:02 AM
>> To: IBM-MAIN@LISTSERV.UA.EDU
>> Subject: aes-ctr vs aes-cbc
>>
>> We've been trying to migrate our ssh/sftp environment, for both our client and server users to only use FIPS-140-2 certified ciphers, and run ICSF in FIPS mode. We've had no problems doing so, except with one of our partners who states that their security policy will not allow their sftp server to accept data transmitted with any CBC cipher. I tried adding the aes-ctr ciphers to our allowed list, but it doesn't look like ICSF can handle it, which is needed for ICSF to execute in FIPS mode.
>>
>> It seems like I'm in an unresolvable problem from a technology standpoint, unless our partner changes their policy, which I don't understand why they don't allow FIPS-140-2 certified ciphers to be used.
>>
>> --
>> Mark Jacobs
>> Time Customer Service
>> Tampa, FL
>>
>> The quiet ones are the ones that change the universe...
>> The loud ones only take the credit.
>>
>> Londo Mollari - Babylon 5

--
Mark Jacobs
Time Customer Service
Tampa, FL

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5
Re: aes-ctr vs aes-cbc
Mark,

Yes, Ported Tools OpenSSH with ICSF does not support CTR mode AES ciphers. I would ask that you submit a requirement for this.

I happen to be giving a SHARE presentation in Anaheim today which covers this. If you happen to be here, please stop and say hi.

https://share.confex.com/share/122/webprogram/Session14787.html

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

On Mon, Mar 10, 2014 at 10:02 AM, Mark Jacobs mark.jac...@custserv.com wrote:
> We've been trying to migrate our ssh/sftp environment, for both our client and server users to only use FIPS-140-2 certified ciphers, and run ICSF in FIPS mode. We've had no problems doing so, except with one of our partners who states that their security policy will not allow their sftp server to accept data transmitted with any CBC cipher. I tried adding the aes-ctr ciphers to our allowed list, but it doesn't look like ICSF can handle it, which is needed for ICSF to execute in FIPS mode.
>
> It seems like I'm in an unresolvable problem from a technology standpoint, unless our partner changes their policy, which I don't understand why they don't allow FIPS-140-2 certified ciphers to be used.
>
> --
> Mark Jacobs
> Time Customer Service
> Tampa, FL
>
> The quiet ones are the ones that change the universe...
> The loud ones only take the credit.
>
> Londo Mollari - Babylon 5
Re: aes-ctr vs aes-cbc
Some shops do not allow aes-cbc because of the 'Padding Oracle Attack' problem, since AES-CBC uses padding. aes-ctr does not use padding.

Also FIPS 140-2 was published in 2001 and last updated in 2002.

Steve Finch
Recovery Point

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Jacobs
Sent: Monday, March 10, 2014 11:02 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: aes-ctr vs aes-cbc

We've been trying to migrate our ssh/sftp environment, for both our client and server users to only use FIPS-140-2 certified ciphers, and run ICSF in FIPS mode. We've had no problems doing so, except with one of our partners who states that their security policy will not allow their sftp server to accept data transmitted with any CBC cipher. I tried adding the aes-ctr ciphers to our allowed list, but it doesn't look like ICSF can handle it, which is needed for ICSF to execute in FIPS mode.

It seems like I'm in an unresolvable problem from a technology standpoint, unless our partner changes their policy, which I don't understand why they don't allow FIPS-140-2 certified ciphers to be used.

--
Mark Jacobs
Time Customer Service
Tampa, FL

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5
Re: aes-ctr vs aes-cbc
Right. As I understand this was a potential vulnerability in *some* implementations. According to IBM, theirs does not, but some partners may have it disabled.

IMO it is a good idea to submit your requirement to IBM to support AES CTR mode in ICSF. CTR mode also has the advantage of being able to multi-thread encryption of packets, since each packet can be encrypted in parallel.

There is nothing missing from CPACF instructions that is needed - if you write directly to CPACF you can easily implement AES-CTR mode.

Kirk Wolf
Dovetailed Technologies
http://dovetail.com

On Mon, Mar 10, 2014 at 5:05 PM, Steve Finch sfi...@recoverypoint.com wrote:
> Some shops do not allow aes-cbc because of the 'Padding Oracle Attack' problem, since AES-CBC uses padding. aes-ctr does not use padding.
>
> Also FIPS 140-2 was published in 2001 and last updated in 2002.
>
> Steve Finch
> Recovery Point
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Jacobs
> Sent: Monday, March 10, 2014 11:02 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: aes-ctr vs aes-cbc
>
> We've been trying to migrate our ssh/sftp environment, for both our client and server users to only use FIPS-140-2 certified ciphers, and run ICSF in FIPS mode. We've had no problems doing so, except with one of our partners who states that their security policy will not allow their sftp server to accept data transmitted with any CBC cipher. I tried adding the aes-ctr ciphers to our allowed list, but it doesn't look like ICSF can handle it, which is needed for ICSF to execute in FIPS mode.
>
> It seems like I'm in an unresolvable problem from a technology standpoint, unless our partner changes their policy, which I don't understand why they don't allow FIPS-140-2 certified ciphers to be used.
>
> --
> Mark Jacobs
> Time Customer Service
> Tampa, FL
>
> The quiet ones are the ones that change the universe...
> The loud ones only take the credit.
>
> Londo Mollari - Babylon 5
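Added example, not part of the thread: AES-CTR built from only the single-block AES encrypt operation, the kind of primitive the reply above says CPACF already provides, with the no-padding property from Steve Finch's message visible in the output length. Go's `crypto/aes` stands in for the hardware primitive here; the key, counter block and message are constructed, and the counter is assumed not to overflow its low 64 bits.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// ctrBlock XORs the 16-byte block of src that starts at offset lo with
// AES(key, iv + lo/16). Only the forward single-block operation is used.
func ctrBlock(b cipher.Block, iv []byte, lo int, dst, src []byte) {
	var ctr, ks [16]byte
	copy(ctr[:], iv)
	// Demo assumption: iv is 16 bytes and its low 64 bits do not wrap when the index is added.
	binary.BigEndian.PutUint64(ctr[8:], binary.BigEndian.Uint64(iv[8:])+uint64(lo/16))
	b.Encrypt(ks[:], ctr[:])
	for i := lo; i < lo+16 && i < len(src); i++ {
		dst[i] = src[i] ^ ks[i-lo]
	}
}

// manualCTR encrypts or decrypts msg, last block first, to show no block depends on another.
func manualCTR(key, iv, msg []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, fmt.Errorf("AES key: %w", err)
	}
	out := make([]byte, len(msg)) // same length as the input: no padding
	for lo := (len(msg) - 1) / 16 * 16; lo >= 0; lo -= 16 {
		ctrBlock(b, iv, lo, out, msg)
	}
	return out, nil
}

// stdlibCTR is the reference result from Go's own CTR implementation.
func stdlibCTR(key, iv, msg []byte) []byte {
	b, _ := aes.NewCipher(key)
	out := make([]byte, len(msg))
	cipher.NewCTR(b, iv).XORKeyStream(out, msg)
	return out
}

func main() {
	key, iv := []byte("0123456789abcdef"), make([]byte, 16) // constructed demo values
	msg := []byte("21-byte sample record")                  // constructed, not block-aligned
	ct, _ := manualCTR(key, iv, msg)
	fmt.Println(len(msg), len(ct), string(ct) == string(stdlibCTR(key, iv, msg)))
}
```

Because each block's keystream depends only on the key and its counter value, the loop body could be handed to separate workers without changing the result.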