Date: Sun, 11 Jan 2015 21:23:25 -0500 (EST) From: Benjamin Kaduk <kaduk@MIT.EDU> To: Jonathan Anderson <jonathan@freebsd.org> Cc: Greg Rivers <gcr+freebsd-security@tharned.org>, freebsd-security@freebsd.org Subject: Re: Securing SSH Message-ID: <alpine.GSO.1.10.1501112122400.23489@multics.mit.edu> In-Reply-To: <54B32FC8.1080000@FreeBSD.org> References: <alpine.BSF.2.11.1501111913310.9102@angus.tharned.org> <54B32FC8.1080000@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
The author also appears to not understand the difference between single-DES and triple-DES, so I would expect the value of that posting to be only as a brainstormed list of ideas to consider for further analysis. -Ben On Sun, 11 Jan 2015, Jonathan Anderson wrote: > Hi, > > I can't comment much on the elliptic-curve stuff, but I think it's a bit of a > stretch to say that SHA-1 isn't safe for use in a KDF. > > Just my two cents, > > > Jon > > > Greg Rivers <mailto:gcr+freebsd-security@tharned.org> > > 11 January 2015 at 21:52 > > I came across an interesting article[1] about more secure SSH > > configurations. What do our resident cryptographers think about this? > > Would it make sense to adjust FreeBSD defaults accordingly? > > > > [1] https://stribika.github.io/2015/01/04/secure-secure-shell.html > > > > -- Jonathan Anderson > jonathan@FreeBSD.org > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.GSO.1.10.1501112122400.23489>