SSH: Discontinue use of CBC

Open egberts opened this issue 2 years ago • 0 comments

During the encryption part of server algorithm negotiation, CBC is to be avoided: use GCM or CTR.

The main difference between GCM and CTR is that GCM also provides authentication and integrity protection while CTR only provides confidentiality.

WARNING: AES-GCM has a limit to the size of data (~60GB) that it can encrypt before the counter cycles. But GCM and others may work fine.

No recommendation yet on GCM/CTR choice.

Reference

https://web.archive.org/web/20230000000000*/https://www.isg.rhul.ac.uk/~kp/surfeit.pdf

egberts Nov 06 '23 12:11
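
An added example, not part of the issue or the project's own code: one way to check a server for the CBC ciphers the issue says to avoid. It reads `sshd_config` text or `sshd -T` output on stdin and prints each CBC cipher that the `Ciphers` directive enables. The sample configuration is constructed, and `cbc_ciphers` and `sample_config` are names chosen for this example.

```shell
#!/bin/sh
# Added example: report CBC-mode ciphers enabled by an sshd "Ciphers" line.
# Input on stdin: sshd_config text, or the output of `sshd -T`.
# If there is no Ciphers line, sshd's built-in defaults apply and nothing
# is printed; feed `sshd -T` output to audit the effective list instead.

cbc_ciphers() {
    awk '
        # Keyword is case-insensitive; sshd keeps the first value it reads.
        tolower($1) == "ciphers" && !seen {
            seen = 1
            list = $2
            # A leading "-" removes the listed ciphers from the defaults,
            # so nothing named in that list is being enabled.
            if (substr(list, 1, 1) == "-") next
            # "+" appends to the defaults, "^" puts entries at their head.
            sub(/^[+^]/, "", list)
            n = split(list, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) print c[i]
        }
    '
}

# Constructed sample configuration (not taken from a real host).
sample_config() {
    cat <<'EOF'
# Constructed example sshd_config fragment
Port 22
#Ciphers 3des-cbc
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-cbc,rijndael-cbc@lysator.liu.se
EOF
}

# Prints the two CBC entries from the sample, one per line.
sample_config | cbc_ciphers
```

On a live host, `sshd -T | cbc_ciphers` audits the effective cipher list, including values that come from included files.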