Various changes by Philipp Gühring
[ach-master.git] / unsorted / ssh / Ciphers.txt
index 7455a88..c832c37 100644 (file)
@@ -5,22 +5,25 @@ Debian/OpenSSH6 man page shows the following:
              “aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”,
              “arcfour”, “blowfish-cbc”, and “cast128-cbc”.  The default is:
 
-                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
-                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
-                aes256-cbc,arcfour
+        Those Ciphers can be used:
+                aes128-ctr,aes192-ctr,aes256-ctr
+        Those Ciphers should not be used:
+               aes128-cbc,3des-cbc,blowfish-cbc,aes256-cbc,cast128-cbc,aes192-cbc,
+                arcfour256,arcfour128,arcfour
 
-TODO: which of those should be used?
 
      MACs    Specifies the available MAC (message authentication code) algorithms.  The MAC algo‐
              rithm is used in protocol version 2 for data integrity protection.  Multiple algo‐
              rithms must be comma-separated.  The default is:
 
+        Those MACs can be used:
+                   hmac-sha2-256,hmac-sha2-512,hmac-sha256-96
+                   hmac-sha2-512-96,hmac-ripemd160
+        Those MACs should not be used:
                    hmac-md5,hmac-sha1,umac-64@openssh.com,
-                   hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-                   hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-                   hmac-sha2-512-96
+                   hmac-sha1-96,hmac-md5-96,
+
 
-TODO: which of those should be used?
 
 Regarding compression: the default for compression is "delayed" which means, that compression
 will only kick in after successful authentication (possibilities: yes, no, delayed).