Collaborate Disseminate
When using OpenSSH server (sshd) we specify allowed ciphers, host key algorithms and MACs. Some of those ciphers have an email address appended, for example aes256-gcm@openssh.com as opposed to aes256-ctr. What is the meaning of that? I ch… Continue reading OpenSSH: Meaning of cipher with email address @openssh.com
Users have negotiated a secret key.
Then they connect to the server and generate the hash of their key using JavaScript on the client side.
They all connect to the server sending their initialization vector (IV), but the server stores only… Continue reading CBC-MAC for end-to-end multi-user encryption
I’m a cybersecurity student and I’m eager to understand the basic processes of an SSH session. I wrote down the stages to the best of my ability but need help understanding what happens right after the TCP handshake and right before the Di… Continue reading When connecting via SSH, does the Diffie-Hellman key exchange take place over an unencrypted TCP session or does encryption occur before the exchange?
In Trivium cipher, 80-bit key and 80-bit IV (initialization vector) are used initially to set up the initial state. I would like to know, (i) role of IV in stream cipher? (ii) can we make IV a secret parameter? and (iii) how IV values are … Continue reading What is the significance of IV in stream ciphers like Trivium? [migrated]
Nmap out put for google.com.
ssl-enum-ciphers.
TLSv1.2:
ciphers:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) – A.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) – A.
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa… Continue reading what is the link between server certificate and cipher list advertised by server for nmap command?
Why are there predefined sets of cipher suites. Why is creating your own cipher suites not recommended.
I have previously removed less secure ciphers from WHM (Web Host Manager) however it has been a while and I want to learn how to fish, not be handed a fish.
The trouble seems to stem from the fact that there is little-to-no consistency in… Continue reading Remove less secure ciphers from WHM by decrpyting different convoluted references to the same ciphers
I’d like to better understand my workaround, and confirm that it’s secure.
Problem
I have a crt file containing a root and intermediate certificate installed on my server (I have limited access to the server – its running in a third par… Continue reading TLS handshake failure (40) solved by removing intermediate certificate from server?
I am using Naviserver’s nsssl module and it expects the list of TLS ciphers to be in OpenSSL’s “CIPHER LIST FORMAT” e.g.
ns_param ciphers “ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM… Continue reading Converting a list of ciphers to OpenSSL’s "CIPHER LIST FORMAT" [migrated]
I am using Naviserver’s nsssl module and it expects the list of TLS ciphers to be in OpenSSL’s “CIPHER LIST FORMAT” e.g.
ns_param ciphers “ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM… Continue reading Converting a list of ciphers to OpenSSL’s "CIPHER LIST FORMAT" [migrated]