Web lists-archives.com

Re: [Debian] Re: [Debian] Re: Undesired ssh login attempts




	Hi.

On Mon, Jun 11, 2018 at 08:04:35AM -0400, Jim Popovitch wrote:
> On Mon, 2018-06-11 at 14:51 +0300, Reco wrote:
> > 	Hi.
> > 
> > On Mon, Jun 11, 2018 at 07:12:32AM -0400, Jim Popovitch wrote:
> > > On Sun, 2018-06-10 at 14:27 +0300, Reco wrote:
> > > > 
> > > > Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
> > > 
> > > What's your thoughts on extending that a bit by adding aes256-ctr
> > > to
> > > that list?
> > 
> > Don't use it, unless compatibility with certain Windows SSH clients
> > is
> > required. [1] is a good read on this Cipher.
> > What I can consider is ADEAD variety of AES, but - I'm uncertain
> > whenever it made its way to OpenSSH at all. It's not in Stretch's
> > version of openssh, that's for sure.
> > 
> 
> Hmmm.  I was reading [1] earlier and felt that "Don't use it" applied
> to CBC but not CTR.  I use ConnectBot (Android SSH client app) and it
> has a limited set of ciphers.

I have two considerations on this then:

1) Abforementioned link says that (and that applies to aes256-ctr):

* nonce reuse is catastrophic, confidentiality is completely lost
* leaks somewhat more information about the size of the plaintext

Second I can live with, but first is a big "no" in my book.

2) ConnectBot is nice, but I prefer Termux with a proper Debian chroot
over it.
That way I'm certain that all the deficiencies/vulnerabilities
discovered in a foreseeable future receive a timely update.

Reco