This is a discussion on Re: Optional 'test' or benchmark cipher - openssh ; On Wed, 16 Jan 2008, Chris Rapier wrote: > Linda Walsh wrote: >> I hope this is the right list, as I'm desiring a feature addition >> in openssh. I would like the option to have a 'null' cipher (after ...
On Wed, 16 Jan 2008, Chris Rapier wrote:
> Linda Walsh wrote:
>> I hope this is the right list, as I'm desiring a feature addition
>> in openssh. I would like the option to have a 'null' cipher (after
>> the initial authorization, similar to 'delayed' for compression).
>> It would have to be enabled on both client and server and server
>> would never use it unless it was both enabled and asked for by
>> the client.
> You should look at HPN-SSH at http://www.psc.edu/networking/projects/hpn-ssh
> This implements the NONE cipher exactly as you describe with the caveat
> that it still generate HMACs. Authentication is fully encrypted and it
> then it switches to the NONE cipher. One important caveat is that you
> *cannot* use this NONE cipher in interactive sessions. Its only
> available for bulk data transfers.
Hmm.. I believe Markus established a few years ago that the HMAC is more
costly in terms of preformance than most of the ciphers.
If one skims back through the list I think he gave preformance numbers
which resulted in our default HMAC/Cipher combination (could be I also saw
them via a different list. That was too long ago) .. And I suspect
that would have been around the late 2.x release to the early 3.x
openssh-unix-dev mailing list