[dropbear] Prefer stronger algorithms in algorithm negotiation. (#9)
Matt Johnston
matt at ucc.asn.au
Fri Jan 9 22:59:53 AWST 2015
(CCing the dropbear list - hopefully crossposting isn't too awkward)
I'll merge this pull request, though if anyone has comments
please let me know. Comments inline below.
Matt
On Thu, Jan 08, 2015 at 04:46:48AM -0800, fedor-brunner wrote:
> https://github.com/mkj/dropbear/pull/9
>
> -- Commit Summary --
>
> * Prefer stronger algorithms in algorithm negotiation.
>
> -- File Changes --
>
> M common-algo.c (16)
> Prefer diffie-hellman-group14-sha1 (2048 bit) over
> diffie-hellman-group1-sha1 (1024 bit).
This is probably OK. group14 is quite a bit slower for slow
machines (2x?). I don't think that's a big problem though -
the algorithm preference order only applies to Dropbear as a
client. In that case most servers seem to support ecdh
methods which are fast - they're the first preference
(curve25519 and the nist methods).
> [prefer aes256 over 3des]
> Due to meet-in-the-middle attacks the effective key length of
> three key 3DES is 112 bits. AES is stronger and faster than 3DES.
This makes sense.
> Prefer to delay the start of compression until after authentication
> has completed. This avoids exposing compression code to attacks
> from unauthenticated users.
I was thinking of doing this recently myself. At the time I
added delayed compression some widespread clients (PuTTY I
think?) didn't support it, but I think that's OK now.
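The negotiation rule behind Matt's remark that the preference order only matters for Dropbear as a client, shown as an added example that is not Dropbear's own code: RFC 4253 section 7.1 picks the first entry in the client's name-list that the server also offers, so moving group14 ahead of group1 changes the outcome against a server offering both. The name-lists below are constructed for illustration; Dropbear's exact lists are assumed, not taken from the mail.

```c
#include <stdio.h>
#include <string.h>

/* Nonzero if the comma-separated name-list (RFC 4251) contains name exactly. */
static int list_contains(const char *list, const char *name) {
    size_t n = strlen(name);
    const char *p = list;
    while (*p) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == n && memcmp(p, name, n) == 0) return 1;
        if (!end) break;
        p = end + 1;
    }
    return 0;
}

/* RFC 4253 section 7.1: the chosen algorithm is the first entry in the
 * client's list that the server also supports. Copies the winner into out
 * (size outsz) and returns 1, or returns 0 if nothing is shared. */
int ssh_negotiate(const char *client_list, const char *server_list,
                  char *out, size_t outsz) {
    const char *p = client_list;
    while (*p) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len < outsz) {
            memcpy(out, p, len);
            out[len] = '\0';
            if (list_contains(server_list, out)) return 1;
        }
        if (!end) break;
        p = end + 1;
    }
    out[0] = '\0';
    return 0;
}

int main(void) {
    /* Constructed: a server offering only the two classic DH groups, and an
     * assumed client kex order before and after the reordering in the PR. */
    const char *server = "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1";
    const char *before = "curve25519-sha256@libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1";
    const char *after  = "curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1";
    char chosen[64];
    ssh_negotiate(before, server, chosen, sizeof chosen);
    printf("before: %s\n", chosen);   /* diffie-hellman-group1-sha1 */
    ssh_negotiate(after, server, chosen, sizeof chosen);
    printf("after:  %s\n", chosen);   /* diffie-hellman-group14-sha1 */
    return 0;
}
```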