[hopefully on topic] is SSH secure in default configuration?
Oleg Goldshmidt
pub at goldshmidt.org
Sun Sep 8 18:26:41 IDT 2013
Aviram Jenik <aviram at jenik.com> writes:
> The question "is encryption ABC safe" is nowadays a purely academic
> question and only academics care about them (no offense Oleg).
None taken[*]. I re-read my post and I see now that I didn't emphasize
that I meant "OpenSSH implementation of AES" when I wrote "AES". All my
wondering is about SSH on Linux, not about maths, but I realize now that
I did not make it clear, apart from the subject line. ;-) [I did say the
question was strictly curiosity-driven.]
Having said that, safety is defined/interpreted in terms of cost and
time required from an adversary. I have no idea how many Hubble times
one would need to break either AES-128 or AES-256 given the aggregate
resources of Top500 (or NSA) or custom HW, or how many orders of
magnitude can be shaved off by clever use of additional
information[*]. But I would not completely discount the rate at which
the safety margin of a fixed (in terms of number of rounds, etc.)
implementation is shrinking.
To emphasize again, I expect NSA, if they suddenly develop an interest
in one of my machines, to break in exploiting an unpatched bug somewhere
rather than breaking AES, of course.
[*] I hope no member of Linux-IL who has authored academic papers on
attacks on AES that experts dubbed "almost practical" will be
offended, either. ;-)
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf
--
Oleg Goldshmidt | pub at goldshmidt.org