egberts/easy-admin

SSH: Discontinue use of CBC

Closed this issue · 0 comments

During the encryption part of server algorithm negotiation, CBC is to be avoided: use GCM or CTR.

The main difference between GCM and CTR is that GCM also provides authentication and integrity protection while CTR only provides confidentiality.

WARNING: AES-GCM has a limit on the amount of data (~60 GB) it can encrypt under one key before the counter cycles. But GCM and others may still work fine in practice.

No recommendation yet on GCM/CTR choice.
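As an added example (not code from the easy-admin project), the recommendation above turned into an audit check: it parses the effective cipher list as printed by `sshd -T` (assumed lowercase `ciphers` keyword, comma-separated values), flags any `-cbc` entry, and carries a hardened `Ciphers` line for sshd_config that offers only GCM and CTR. The sample input is constructed.

```shell
# Constructed sample of `sshd -T` output for the check below (not a real host).
SAMPLE_SSHD_T='ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,3des-cbc
macs hmac-sha2-256,hmac-sha2-512'

# Print every CBC-mode cipher found on the `ciphers` line, one per line.
# Prints nothing when the list is clean.
find_cbc_ciphers() {
    printf '%s\n' "$1" \
        | awk '$1 == "ciphers" { print $2 }' \
        | tr ',' '\n' \
        | grep -- '-cbc$' || true
}

# Return 0 when no CBC cipher is negotiable, 1 otherwise.
check_no_cbc() {
    [ -z "$(find_cbc_ciphers "$1")" ]
}

# Hardened sshd_config line: GCM (authenticated) first, CTR as fallback, no CBC.
HARDENED_CIPHERS='Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'

# Live use against the running daemon (needs root to read host keys):
#   check_no_cbc "$(sshd -T 2>/dev/null)" && echo "OK: no CBC" || echo "CBC still enabled"
```

After changing `Ciphers`, `sshd -t` validates the file and `sshd -T` shows the list the daemon will actually offer, which is what the check should be run against.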

Reference

https://web.archive.org/web/20230000000000*/https://www.isg.rhul.ac.uk/~kp/surfeit.pdf