Web lists-archives.com

Re: [Debian] Re: [Debian] Re: [Debian] Re: Undesired ssh login attempts




On Mon, 2018-06-11 at 15:28 +0300, Reco wrote:
> I have two considerations on this then:
> 
> 1) Abforementioned link says that (and that applies to aes256-ctr):
> 
> * nonce reuse is catastrophic, confidentiality is completely lost
> * leaks somewhat more information about the size of the plaintext
> 
> Second I can live with, but first is a big "no" in my book.

I have to agree.  Thanks for pointing that out.

> 2) ConnectBot is nice, but I prefer Termux with a proper Debian
> chroot over it.

I'll certainly look into that.

> That way I'm certain that all the deficiencies/vulnerabilities
> discovered in a foreseeable future receive a timely update.

Ack. 

Thanks again,

-Jim P.

Attachment: signature.asc
Description: This is a digitally signed message part