Re: [JSch-users] AES ciphers on Jsch (was: JSch on Vmware ESX 3.0)
Status: Alpha
Brought to you by:
ymnk
Menu
▾
▴
Re: [JSch-users] AES ciphers on Jsch (was: JSch on Vmware ESX 3.0)
|
From: <ym...@jc...> - 2007-08-16 06:31:27
|
Hi,
I'm sorry for my delay of replying to you.
# I have been on the vacation and will not be able to make
# responses promptly until the end of next week.
+-From: "Oberhuber, Martin" <Mar...@wi...> --
|_Date: Tue, 14 Aug 2007 16:20:42 +0200 _______________________
|
|Based on these thoughts, I'd think that the default
|values should be as follows:
|"ciphers.s2c" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
|"ciphers.c2s" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
|"CheckCiphers" "aes256-cbc,aes192-cbc,aes128-cbc"
...
|I think the problem if it's not the way I'm proposing is,
|that if I write my application today and I want to make
|use of aes192-cbc and aes256-cbc, I need to manually
|override the config today; but if I do so, my application
|cannot benefit from future addition of ciphers, because
|I'm manually overriding the config already.
I don't have strong counterarguments about ciphers, which should be checked.
As I wrote in the previous message, AES 256/192 key will not be available
on Sun's JRE(and also IBM's JRE?) by the default, and almost of all users
can not use them, so I had drooped them from "CheckCiphers". Ok, now
I don't hasitate to check them in the next release by the default.
So,the default values will be as follows,
"ciphers.s2c" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
"ciphers.c2s" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
"CheckCiphers" "aes256-cbc,aes192-cbc,aes128-cbc"
as you have suggested. Thank you for your suggestion.
Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Fax +81-22-224-8773
Skype callto://jcraft/
|