[BBLISA] 3des vs blowfish for ssh?
Tabor J. Wells
twells at fsckit.net
Wed Jan 12 16:49:43 EST 2005
On Wed, Jan 12, 2005 at 04:19:55PM -0500,
Dean Anderson <dean at av8.com> is thought to have said:
> I don't think we have any genuine encryption experts, so its hard to say
> which is really better. 3des is still used by banks. If I recall,
> Blowfish (or perhaps its IDEA or both) is patented. Although, now that
> you bring up the point, it is kind of funny that AES isn't in the list for
> ssh....
Sure it is. It depends on if your underlying encryption libs support it
though. On Fedora Core 3 for example:
> openssl version
OpenSSL 0.9.7a Feb 19 2003
> openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:DHE-DSS-RC4-SHA:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:RC4-64-MD5:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-RC4-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
And snipped from a ssh -v session:
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
Wikipedia has some decent descriptions of various ciphers if you're
interested:
http://en.wikipedia.org/wiki/Blowfish_(cipher)
http://en.wikipedia.org/wiki/DES
http://en.wikipedia.org/wiki/Triple_DES
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard`
--
--------------------------------------------------------------------
Tabor J. Wells twells at fsckit.net
Fsck It! Just another victim of the ambient morality
More information about the bblisa
mailing list