Web lists-archives.com

Re: [Debian] Re: Undesired ssh login attempts


On Mon, Jun 11, 2018 at 07:12:32AM -0400, Jim Popovitch wrote:
> On Sun, 2018-06-10 at 14:27 +0300, Reco wrote:
> > 
> > Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
> What's your thoughts on extending that a bit by adding aes256-ctr to
> that list?

Don't use it, unless compatibility with certain Windows SSH clients is
required. [1] is a good read on this Cipher.
What I can consider is ADEAD variety of AES, but - I'm uncertain
whenever it made its way to OpenSSH at all. It's not in Stretch's
version of openssh, that's for sure.


[1] https://crypto.stackexchange.com/questions/18538/aes256-cbc-vs-aes256-ctr-in-ssh