Hello Gordon,

On Wed, 2016-10-19 at 10:31 -0700, Gordon Messmer wrote:
> On 10/19/2016 08:30 AM, Leonard den Ottolander wrote:
> > Where did you get the idea that AES (~ Rijndael) is a weak cipher?
>
> It's not the cipher, but the mode. CBC has several known weaknesses in
> TLS, and is frequently regarded as potentially insecure as a result.
>
> https://www.openssl.org/~bodo/tls-cbc.txt

According to that document those issues are solved in the TLS 1.1 specification. It also indicates that issues 1) and 2) do not exist in OpenSSL since 0.9.6i and 0.9.6e respectively, and that OpenSSL's TLS 1.0 implementation handles padding correctly, so issue 3) doesn't exist in OpenSSL either.

However, I see that the OpenSSH developers have decided to disable CBC algorithms in 6.7. Not sure what their rationale is, as from the document you mention I grasp that these issues can be fixed by correctly padding the message and adding one extra random block before the message ("front padding").

Personally I would be more concerned whether or not to enable ECDSA algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
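The "front padding" mitigation mentioned above, as an added example that is not part of this thread nor of OpenSSL or OpenSSH: a toy CBC model (a keyed hash stands in for the AES block function, encryption only) compares the chained-IV scheme with one that prepends a fresh random block to every record. The check asks whether the chaining value feeding a record's first data block was already public before that record's plaintext was committed, which is exactly the property the extra random block removes.

```python
import hashlib
import os

BLOCK = 16

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy stand-in for the AES block function (keyed hash, one-way, NOT a cipher);
    # it only serves to show how CBC chains ciphertext blocks into IVs.
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC over whole blocks: C_i = E(P_i XOR C_{i-1}), with C_0 = iv.
    assert len(plaintext) % BLOCK == 0
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

class ChainedIvSender:
    # TLS 1.0-style CBC: each record's IV is the last ciphertext block of the
    # previous record, so it is already on the wire before the record is built.
    def __init__(self, key: bytes, iv: bytes):
        self.key, self.iv = key, iv

    def send(self, plaintext: bytes) -> bytes:
        ct = cbc_encrypt(self.key, self.iv, plaintext)
        self.iv = ct[-BLOCK:]
        return ct

class FrontPaddedSender(ChainedIvSender):
    # Same chaining, but one fresh random block is prepended ("front padding").
    def send(self, plaintext: bytes) -> bytes:
        return super().send(os.urandom(BLOCK) + plaintext)

def chaining_input_predictable(sender_cls) -> bool:
    # True when the value XORed into record 2's data block was public (tail of
    # record 1) before record 2 was committed; key used only to verify this.
    key = os.urandom(BLOCK)                      # constructed sample key
    sender = sender_cls(key, os.urandom(BLOCK))
    record1 = sender.send(b"first record!!!!")   # constructed 16-byte record
    public_guess = record1[-BLOCK:]              # visible before record 2 exists
    data = b"second record!!!"                   # constructed 16-byte record
    record2 = sender.send(data)
    data_block = record2[-BLOCK:]                # block carrying `data` in both modes
    return toy_block_encrypt(key, xor(data, public_guess)) == data_block
```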