mina-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [mina-sshd] jvz commented on pull request #132: [SSHD-506] Add support for RFC 5647
Date Wed, 03 Jun 2020 01:34:17 GMT

jvz commented on pull request #132:
URL: https://github.com/apache/mina-sshd/pull/132#issuecomment-637901360


   Found one OSS implementation of the RFC version (disabled by default) in Erlang OTP. Seems like the ambiguity about requiring a MAC with an AEAD cipher caused OpenSSH to create their variant in the first place. Docs: https://manpages.ubuntu.com/manpages/bionic/man7/ssh.7.html
   
   More notes here about the official ciphers: https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml
   
   Even if we were to take the spec literally, we could create another instance of `Cipher.getInstance("AES/GCM/NoPadding")` and then only use the methods `updateAAD()` and `doFinal()` to use it in GMAC mode. The problem there is that the MAC still wouldn't necessarily be used since it's already built into an AEAD operation.
   
   I'll note this ambiguity is avoided in the OpenSSH ChaCha protocol: https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
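
Added example, not part of the comment above or of the mina-sshd code base: a sketch of the GMAC construction the comment describes, using only `updateAAD()` and `doFinal()` on `AES/GCM/NoPadding`, next to an ordinary AEAD call whose tag already covers the same associated data. The class name, key, IVs and sample bytes are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;

public class GmacSketch {   // hypothetical class name
    // Fresh Cipher per call; a GCM IV must never repeat under the same key.
    static Cipher gcm(int mode, SecretKeySpec key, byte[] iv, byte[] aad) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));   // 128-bit tag
        c.updateAAD(aad);
        return c;
    }

    // GMAC: all data goes in as AAD, no plaintext, so doFinal() returns only the 16-byte tag.
    static byte[] gmac(SecretKeySpec key, byte[] iv, byte[] data) throws GeneralSecurityException {
        return gcm(Cipher.ENCRYPT_MODE, key, iv, data).doFinal();
    }

    // Verify by "decrypting" the bare tag; the provider compares tags and throws on mismatch.
    static boolean verify(SecretKeySpec key, byte[] iv, byte[] data, byte[] tag) throws GeneralSecurityException {
        try {
            gcm(Cipher.DECRYPT_MODE, key, iv, data).doFinal(tag);
            return true;
        } catch (AEADBadTagException e) {
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rnd = new SecureRandom();
        byte[] k = new byte[16], iv = new byte[12], iv2 = new byte[12];
        rnd.nextBytes(k); rnd.nextBytes(iv); rnd.nextBytes(iv2);
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        byte[] header = {0, 0, 0, 32};   // constructed AAD, e.g. a length field
        byte[] body = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] tag = gmac(key, iv, header);
        System.out.println("GMAC tag bytes: " + tag.length);
        System.out.println("verifies: " + verify(key, iv, header, tag));
        header[3] ^= 1;
        System.out.println("after tamper: " + verify(key, iv, header, tag));
        header[3] ^= 1;
        // Ordinary AEAD use: output is ciphertext plus tag, and that tag already covers the AAD.
        byte[] sealed = gcm(Cipher.ENCRYPT_MODE, key, iv2, header).doFinal(body);
        System.out.println("AEAD overhead bytes: " + (sealed.length - body.length));
    }
}
```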

