IETF-SSH archive


RE: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5



denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>I have posted a new version of the draft, which switches back to PKCS#1 v1.5:

Phew, thanks, that makes things much easier to deal with.

>I have also updated the experimental server so it implements the latest draft
>version (with PKCS#1 v1.5):
>
>experiment.bitvise.com:10712
>
>To test host authentication, set the list of host key algorithms in your
>KEXINIT to "rsa-sha2-256" or "rsa-sha2-512". You will need at least one of
>these for successful key exchange - the server doesn't offer anything else.

It also only provides CTR modes, but none of the modes listed in RFC 4253:

  Attempt to activate SSH client session failed with error code -20, line 1129.
  Error message =
  'No algorithm compatible with the remote system's selection was found: 
   'aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr''.

I do the REQUIRED and RECOMMENDED ones from the original SSHv2 spec, RFC 4253,
but not the 4344 ones yet.

(Yeah, I know, I should probably add them, but given that CTR mode makes it
possible for an attacker to trivially set the plaintext to any value they
want, I've never really been convinced that the cure isn't worse than the
problem).

Peter.
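As an added illustration of the counter-mode malleability remark above (this is example code written for this archive page, not code from the thread or from either implementation): in any counter-mode construction the ciphertext is plaintext XOR keystream, so flipping a ciphertext bit flips exactly that plaintext bit, which is why SSH carries a separate MAC over every packet. The Python standard library has no AES, so the keystream is generated with HMAC-SHA256 over a counter as a stand-in PRF (an assumption for the demo, not AES-CTR); the message layout, offsets and key sizes are constructed for the demo.

```python
import hashlib
import hmac
import os

# Stand-in keystream: HMAC-SHA256(key, iv || counter), used here only because the
# standard library has no AES. The XOR structure (and so the malleability) is the
# same as in the RFC 4344 CTR modes.
def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def ctr_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same operation in counter mode.
    ks = keystream(key, iv, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def flip_bytes(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # Shows the risk: rewriting plaintext bytes old -> new at `offset` needs only
    # ciphertext XOR (old XOR new); no key is involved.
    delta = bytes(a ^ b for a, b in zip(old, new))
    c = bytearray(ciphertext)
    for i, d in enumerate(delta):
        c[offset + i] ^= d
    return bytes(c)

def mac(mac_key: bytes, data: bytes) -> bytes:
    # Integrity tag over the ciphertext, standing in for the SSH packet MAC.
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def demo() -> dict:
    enc_key, mac_key, iv = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"transfer 0010 credits"          # constructed sample message
    ct = ctr_xor(enc_key, iv, msg)
    tag = mac(mac_key, ct)
    tampered = flip_bytes(ct, 9, b"0010", b"9999")   # bytes 9..12 hold the amount
    return {
        "genuine_plaintext": ctr_xor(enc_key, iv, ct),
        "genuine_mac_ok": hmac.compare_digest(mac(mac_key, ct), tag),
        "tampered_plaintext": ctr_xor(enc_key, iv, tampered),
        "tampered_mac_ok": hmac.compare_digest(mac(mac_key, tampered), tag),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Without the tag the receiver decrypts the altered amount as if it were genuine; with the tag the change is rejected, which is the check that makes the stream-mode property tolerable in SSH.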

