[CentOS] SSH Weak Ciphers

Thu Oct 20 12:38:01 UTC 2016
Leonard den Ottolander <leonard at den.ottolander.nl>

Hello Alice,

On Wed, 2016-10-19 at 14:22 -0700, Alice Wonder wrote:
> I formerly used secp521r1 but suddenly Google with no warning stopped 
> supporting it in chrome. That company is too powerful.

Actually this is something the NSA insists on:

https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/CNSA-Suite-and-Quantum-Computing-FAQ.pdf&WpKes=aF6woL7fQp3dJiC4qaMYyEVfFwN9wmQ9umeApa

Q: To whom is the CNSS Advisory Memorandum 02-15 addressed?
A: NSA's announcement of changes from Suite B cryptography to the
Commercial National Security Algorithm Suite are for organizations that
run classified or unclassified national security systems (NSS) and
vendors that build products used in NSS. <snip>

I suppose Google is such a vendor.

Q: Can I use the NIST P-521 curve for ECDH or ECDSA on NSS?
A: In order to enhance system interoperability NSA recommends the use of
NIST P-384.  CNSSP-15 does not permit use of NIST P-521.  Use of NIST
P-521 needs to be approved by NSA as an exception to policy.  This
continues under CNSS Advisory Memorandum 02-15.   

Because of "interoperability" the use of strong crypto is discouraged.

Reminds me of the fact that not so long ago (and quite a while after the
algorithm was considered broken) openwall (then org, now com) insisted
on standardizing on MD5 for password hashes in phpass "because the
algorithm is available on nearly every system." As if catering for the
lowest common denominator is good practice when security is a concern.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research