[Ach] sshd_conf (Was: Recommending Blowfish in the ACH paper)

Aaron Zauner azet at azet.org
Tue Nov 5 16:55:19 CET 2013

>> This moves our discussion about recommended fish from Blowfish to Twofish.
> Is twofish (or threefish) even supported in any ciphersuite? 
Just remembered: that came up during discussion of the sshd configuration. I just checked; there is only blowfish available.


             Specifies the ciphers allowed for protocol version 2.  Multiple
             ciphers must be comma-separated.  The supported ciphers are
             ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
             ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
aes128-gcm at openssh.com'', ``aes256-gcm at openssh.com
             ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
             and ``cast128-cbc''.  The default is:

Also, we should specify the key exchange properly:


             Specifies the available KEX (Key Exchange) algorithms.  Multiple
             algorithms must be comma-separated.  The default is
curve25519-sha256 at libssh.org
'', ``ecdh-sha2-nistp256'',
             ``ecdh-sha2-nistp384'', ``ecdh-sha2-nistp521'',
             ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1’'.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131105/533baf1b/attachment.sig>

More information about the Ach mailing list