Re: [JSch-users] AES ciphers on Jsch (was: JSch on Vmware ESX 3.0)
Status: Alpha
Brought to you by:
ymnk
From: <ym...@jc...> - 2007-08-16 06:31:27
|
Hi, I'm sorry for my delay of replying to you. # I have been on the vacation and will not be able to make # responses promptly until the end of next week. +-From: "Oberhuber, Martin" <Mar...@wi...> -- |_Date: Tue, 14 Aug 2007 16:20:42 +0200 _______________________ | |Based on these thoughts, I'd think that the default |values should be as follows: |"ciphers.s2c" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc" |"ciphers.c2s" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc" |"CheckCiphers" "aes256-cbc,aes192-cbc,aes128-cbc" ... |I think the problem if it's not the way I'm proposing is, |that if I write my application today and I want to make |use of aes192-cbc and aes256-cbc, I need to manually |override the config today; but if I do so, my application |cannot benefit from future addition of ciphers, because |I'm manually overriding the config already. I don't have strong counterarguments about ciphers, which should be checked. As I wrote in the previous message, AES 256/192 key will not be available on Sun's JRE(and also IBM's JRE?) by the default, and almost of all users can not use them, so I had drooped them from "CheckCiphers". Ok, now I don't hasitate to check them in the next release by the default. So,the default values will be as follows, "ciphers.s2c" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc" "ciphers.c2s" "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc" "CheckCiphers" "aes256-cbc,aes192-cbc,aes128-cbc" as you have suggested. Thank you for your suggestion. Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 +1-415-578-3454 Fax +81-22-224-8773 Skype callto://jcraft/ |