openssh-unix-dev January 2011 archive

Re: Call for testing: OpenSSH-5.7

From: Steve Marquess <marquess_at_nospam>
Date: Fri Jan 21 2011 - 12:47:20 GMT
To: Damien Miller <djm@mindrot.org>

Damien Miller wrote:
> On Thu, 20 Jan 2011, Steve Marquess wrote:
>
>
>> Well, use of CTR is arguably legal but IMHO questionable. AES-CTR is not
>> included in the #1051 validation (see
>> http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#695), and there
>> is no compelling reason to use it (with or without FIPS 140-2).
>>
>
> Actually, http://www.openssh.com/txt/cbc.adv
>
> Removing CTR and RC4 leaves only vulnerable CBC mode ciphers.
>

Good point. The standard FIPS-centric response to this situation is to
do what policy requires. It's a sad fact that, all other things being
equal, FIPS 140-2 validated crypto implementations are less secure (in
the real-world sense of resistance to evil attack) than non-validated
equivalents. When you spend too much time working in that arena it's
easy to forget that's not a good thing.

The long term solution is to include CTR mode in the currently ongoing
validation, which we plan to do. In any event we have to be sure not to
just make up an EVP_CIPHER because that results in using the low-level
APIs which don't utilize the approved interface for the FIPS
module. Instead we would want to build up a CTR mode in terms of EVP
ECB mode.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710 USA
+1 877-673-6775
marquess@opensslfoundation.com