[Tails-testers] (no subject)

Delete this message

Reply to this message
Autor: Alfredo Tanner
Data:  
Dla: tails-testers
Nowe tematy: Re: [Tails-testers] Updating SSH client ciphers, MACs, etc.
Temat: [Tails-testers] (no subject)
Hi,

I'm was playing around with Tails 2.0 beta1, and i noticed that the default
SSH configuration is exactly the same as older versions (aes-ctr/aes-cbc
is prefered, and aes-gcm/chacha20-poly1305 aren't used), while the
OpenSSH version in Debian 8 is a lot newer and supports better crypto.

The current configuration is:

Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc,3des-cbc
MACs hmac-sha1,hmac-md5,hmac-ripemd160

I suppose that something like this would be better:

Ciphers
chacha20-poly1305@???,aes256-gcm@???,aes256-ctr,aes256-cbc,aes128-gcm@???,aes128-ctr,aes128-cbc
MACs hmac-sha1,hmac-ripemd160

Regards,
Alfredo Tanner
(PGP: 567E B708 19AD A720 1578 2D29 1890 E5DD 7910 022F)