[dropbear] Prefer stronger algorithms in algorithm negotiation. (#9)

Matt Johnston matt at ucc.asn.au
Fri Jan 9 22:59:53 AWST 2015


(CCing the dropbear list - hopefully crossposting isn't too awkward)

I'll merge this pull request, though if anyone has comments
please let me know. Comments inline below.

Matt

On Thu, Jan 08, 2015 at 04:46:48AM -0800, fedor-brunner wrote:

>   https://github.com/mkj/dropbear/pull/9
> 
> -- Commit Summary --
> 
>   * Prefer stronger algorithms in algorithm negotiation.
> 
> -- File Changes --
> 
>     M common-algo.c (16)

> Prefer diffie-hellman-group14-sha1 (2048 bit) over
>  diffie-hellman-group1-sha1 (1024 bit).

This is probably OK. group14 is quite a bit slower for slow
machines (2x?). I don't think that's a big problem though -
the algorithm preference order only applies to Dropbear as a
client. In that case most servers seem to support ecdh
methods which are fast - they're the first preference
(curve25519 and the nist methods). 

> [prefer aes256 over 3des]
> Due to meet-in-the-middle attacks the effective key length of
> three key 3DES is 112 bits. AES is stronger and faster than 3DES.

This makes sense. 

> Prefer to delay the start of compression until after authentication
> has completed. This avoids exposing compression code to attacks
> from unauthenticated users.

I was thinking of doing this recently myself. At the time I
added delayed compression some widespread clients (PuTTY I
think?) didn't support it, but I think that's OK now.
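As an added illustration of why the list order in this pull request only matters in the cases Matt describes (this is not part of the mail or of Dropbear's common-algo.c): the RFC 4253 section 7.1 rule picks the first entry of the client's name-list that the server also offers, so reordering the client list changes the outcome only when the server lacks the higher-preference methods. The "old" and "new" lists below are constructed to mirror the reorder being discussed, not copied from the source.

```python
from typing import Optional

# Constructed client preference orders (comma-separated SSH name-lists),
# "old" before and "new" after a reorder like the one in pull request #9.
# They are illustrations, not Dropbear's actual tables.
KEX_OLD = ("curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
           "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1")
KEX_NEW = ("curve25519-sha256@libssh.org,ecdh-sha2-nistp256,"
           "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1")
CIPHER_OLD = "3des-ctr,aes256-ctr,aes128-ctr"
CIPHER_NEW = "aes256-ctr,aes128-ctr,3des-ctr"
# zlib@openssh.com is delayed compression: it starts only after userauth.
COMP_OLD = "zlib,zlib@openssh.com,none"
COMP_NEW = "zlib@openssh.com,zlib,none"


def negotiate(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 7.1: choose the first algorithm in the client's name-list
    that also appears in the server's name-list; None means no overlap
    (the connection would fail with KEX failure in that case)."""
    offered = {a for a in server_list.split(",") if a}
    for algo in client_list.split(","):
        if algo and algo in offered:
            return algo
    return None


def compare_orders(server_kex: str, server_cipher: str,
                   server_comp: str) -> dict:
    """Show what the old and new client orders select against one server."""
    return {
        "kex": (negotiate(KEX_OLD, server_kex), negotiate(KEX_NEW, server_kex)),
        "cipher": (negotiate(CIPHER_OLD, server_cipher),
                   negotiate(CIPHER_NEW, server_cipher)),
        "comp": (negotiate(COMP_OLD, server_comp),
                 negotiate(COMP_NEW, server_comp)),
    }


if __name__ == "__main__":
    # A legacy server with only the DH groups: the reorder flips group1 to
    # group14. A server that also offers ecdh picks curve25519 either way.
    legacy = "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1"
    modern = "curve25519-sha256@libssh.org," + legacy
    for name, kex in (("legacy", legacy), ("modern", modern)):
        print(name, compare_orders(kex, "3des-ctr,aes256-ctr", "zlib,zlib@openssh.com"))
```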
