Securing SSH

Greg Rivers gcr+freebsd-security at tharned.org
Tue Jan 13 03:00:05 UTC 2015


On Sun, 11 Jan 2015, Jonathan Anderson wrote:
> I can't comment much on the elliptic-curve stuff, but I think it's a bit 
> of a stretch to say that SHA-1 isn't safe for use in a KDF.
>
On Sun, 11 Jan 2015, Benjamin Kaduk wrote:
> The author also appears to not understand the difference between 
> single-DES and triple-DES, so I would expect the value of that posting 
> to be only as a brainstormed list of ideas to consider for further 
> analysis.
>
On Mon, 12 Jan 2015, Ondra Knezour wrote:
> You may also want to consult The applied crypto hardening book draft at 
> https://bettercrypto.org/ if you are looking for some "instant" security 
> inspiration.
>
Thank you all for your informative replies.  I suspected that the article 
was a bit naive.  Like many, I don't have a deep knowledge of 
cryptography, so I appreciate your input.  I thought it was worthwhile to 
ask and perhaps generate some discussion about FreeBSD's default SSH 
configuration.

On Mon, 12 Jan 2015, Zoran Kolic wrote:
> In fact, you got answer on openbsd misc list.
> 
On Mon, 12 Jan 2015, Paul Hoffman wrote:
> Can you point to that for the rest of us? I'd rather not wade in 
> openbsd-misc....
> 
It took a lot of searching to find, but I suspect he's talking about 
<http://thread.gmane.org/gmane.os.openbsd.tech/40343/focus=219119>, which 
fails parts 3 through 6 of the Boy Scout Law.

-- 
Greg
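Since the thread is about FreeBSD's default SSH configuration and the bettercrypto.org hardening guide, here is an added example (not code from the thread, from FreeBSD or from OpenSSH) of the check a practitioner would run before and after editing sshd_config: parse the KexAlgorithms, Ciphers and MACs lines and flag the entries a hardening pass would usually drop first. The "legacy" markers (SHA-1 key exchange and MACs, 3DES, RC4, plain CBC modes) are this example's own assumed policy, and the two sshd_config texts are constructed samples, not a real host's configuration.

```python
"""Audit the algorithm lists in an sshd_config for legacy choices.

Constructed example: the legacy classification below is this example's
own assumed policy (loosely modelled on the bettercrypto.org guidance the
thread points at), not anything FreeBSD or OpenSSH ships.
"""
import re

# Substrings that mark a legacy algorithm in each keyword's value list.
# Assumption of this example: SHA-1-based key exchange and MACs, 3DES,
# RC4 (arcfour) and plain CBC ciphers are what a hardening pass removes.
LEGACY_MARKERS = {
    "KexAlgorithms": ("sha1",),
    "Ciphers": ("3des", "arcfour", "-cbc"),
    "MACs": ("sha1", "md5", "ripemd"),
}


def parse_sshd_config(text):
    """Return {keyword: [values]} for the three algorithm keywords.

    sshd_config keywords are case-insensitive and the first occurrence of
    a keyword wins, so this parser applies the same first-match rule.
    Comments and blank lines are ignored; 'Keyword value' and
    'Keyword=value' forms are both accepted.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts
        canonical = next(
            (k for k in LEGACY_MARKERS if k.lower() == key.lower()), None
        )
        if canonical is None or canonical in found:
            continue
        found[canonical] = [v for v in value.split(",") if v]
    return found


def audit(text):
    """Return {keyword: [legacy algorithms]} for each keyword that lists
    one, plus 'missing' for keywords the file does not set at all (an
    unset keyword means the compiled-in default list is in effect)."""
    config = parse_sshd_config(text)
    report = {"missing": [k for k in LEGACY_MARKERS if k not in config]}
    for key, algs in config.items():
        bad = [a for a in algs
               if any(m in a.lower() for m in LEGACY_MARKERS[key])]
        if bad:
            report[key] = bad
    return report


# Constructed sample: a config that still lists legacy algorithms.
WEAK_CONFIG = """\
# constructed example, not a real host's config
Port 22
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,curve25519-sha256@libssh.org
Ciphers aes128-ctr,3des-cbc,arcfour
MACs hmac-sha1,hmac-sha2-512
"""

# Constructed sample: the same file with the legacy entries removed.
HARDENED_CONFIG = """\
# constructed example, not a real host's config
Port 22
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

Run it against a real file with `audit(open("/etc/ssh/sshd_config").read())`; an empty `missing` list and no other keys is the result to aim for. Note that an unset keyword is reported rather than assumed safe, because the defaults then depend on the OpenSSH version the host runs, which is exactly what the original question was about.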
