On Tue, 27 Jan 2009, Nicolas Williams wrote:
>On Tue, Jan 27, 2009 at 11:31:07PM +0100, Jan Pechanec wrote:
>> could you give me an example? All clients I checked had AES-CTR or
>> arcfour support. I'm sure there are some but I don't believe they would be
>> widely used. The problem for us was that S9 machines were shipped with
>> explicit Ciphers setting which didn't contain AES-CTR nor arcfour, not that
>> the server itself wouldn't support them as such.
>
>I sent you a list of all the clients I looked at, and many had only CBC
>mode ciphers, though all such clients were marginal clients (e.g., Ruby
>Net:SSH has only CBC mode ciphers, but Perl Net:SSH has arcfour, the
>palm ssh client has only CBC mode ciphers, ...).
I found the email and it seems to me that only pssh and
Ruby's Net:SSH were mentioned as not capable of AES-CTR nor arcfour.
I checked again quite a few clients today, including those in
Dropbear, TeraTerm, AbsoluteTelnet, putty, libssh2, lsh, cURL, Tectia,
VanDyke - all support either AES-CTR or arcfour (or both).
there are some implementations that are commercial with no info on
cipher modes availabe, PenguinNet, for example.
I'm wondering what were those clients that Jeff hit when trying to
convert to CTR modes.
--
Jan Pechanec
