Date: Tue, 24 Nov 2015 21:29:44 +0100
From: Aaron Zauner
To: Dag-Erling Smørgrav
Cc: Benjamin Kaduk, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Dewayne Geraghty
Subject: Re: OpenSSH HPN

Hi,

Please forgive my ignorance but what's the reason FreeBSD ships OpenSSH patched with HPN by default?

Besides my passion for security, I've been working in the HPC sector for a while and benchmarked the patch for a customer about 1.5 years ago. The CTR-multi threading patch is actually *slower* than upstream OpenSSH with AES in CTR mode. GCM being, of course, the fastest mode on AESNI platforms. The NULL mode is a security concern as some have noted, I can only imagine that the window-scaling patch is of such importance?

Thanks,
Aaron