Date: 3 May 2000 22:27:06 +0200 From: naddy@mips.inka.de (Christian Weisgerber) To: freebsd-questions@freebsd.org Subject: Re: OpenSSH algorithms Message-ID: <8eq22q$2kl8$1@bigeye.rhein-neckar.de> References: <4.3.1.2.20000503140108.00b5e340@216.67.12.69>
next in thread | previous in thread | raw e-mail | index | archive | help
Forrest Aldrich <forrie@forrie.com> wrote: > Does our OpenSSH port only use the RSA algorithm? I didn't see any > options to use other algorithms (idea, etc) which may be free from > patent issues. This would be a good thing to have, IMHO, and would > avoid all these other problems with RSA usage. > > Or did I miss something :) Most importantly, you missed the destinction between asymmetric encryption algorithms used for public key exchanges and symmetric encryption used for most of the actual work. The SSH1 protocol is fixed in its use of RSA for public keys. These are used for authentication and to encrypt a temporary symmetric key. The latter is used for actual data encryption during a session, since the available symmetric encryption schemes are much faster. SSH1 users can choose from a variety of symmetric encryption algorithms. OpenSSH provides 3DES and Blowfish. IDEA was dropped because it does suffer from patent issues. The SSH2 protocol uses DSA for public keys. Apparently DSA is unencumbered. The next release of OpenSSH (to be included in OpenBSD 2.7) will support SSH2. FreeBSD's OpenSSH will be updated as soon as things have stabilized on the OpenBSD side. -- Christian "naddy" Weisgerber naddy@mips.inka.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8eq22q$2kl8$1>