On Wed, 16 Jan 2008, Chris Rapier wrote:

> Linda Walsh wrote:
>> I hope this is the right list, as I'm desiring a feature addition
>> in openssh. I would like the option to have a 'null' cipher (after
>> the initial authorization, similar to 'delayed' for compression).
>> It would have to be enabled on both client and server and server
>> would never use it unless it was both enabled and asked for by
>> the client.
>
> You should look at HPN-SSH at http://www.psc.edu/networking/projects/hpn-ssh
>
> This implements the NONE cipher exactly as you describe with the caveat
> that it still generates HMACs. Authentication is fully encrypted and
> then it switches to the NONE cipher. One important caveat is that you
> *cannot* use this NONE cipher in interactive sessions. It's only
> available for bulk data transfers.
>


Hmm.. I believe Markus established a few years ago that the HMAC is more
costly in terms of performance than most of the ciphers.

If one skims back through the list I think he gave performance numbers
which resulted in our default HMAC/Cipher combination (could be I also saw
them via a different list. That was too long ago).. And I suspect
that would have been around the late 2.x release to the early 3.x
release...


- Ben
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev