1. 9

  2. 4

    Thank god. It really makes you wonder how OpenSSH without OpenSSL has a fallback with so much better crypto than what OpenSSL offers.

    1. 4

      Note that chacha20+poly1305 is slower than AES-NI + CLMUL-accelerated GCM on Intel chips…

      Don’t get me wrong, I love djb, but I’m not sure this is the wisest default, especially if you find yourself scping large files around frequently.

      1. 1

        IME chacha20+poly1305 is the fastest of the default 6.8 ciphers on non-AES (i.e. old, or embedded) hardware. Of course, choosing a different cipher on the command line is trivial, and adding more to the server config for internal use (arcfour128) is also pretty easy.

        1. 1

          AES-NI and CLMUL have been in Intel chips since ~2010 (Westmere) and AMD chips since ~2011 (Bulldozer). For server software, at least, they’re nearly ubiquitous.

          1. 3

            Unless your servers are virtualized and don’t have AES-NI exposed, which until recently was all of AWS.

            1. 1

              Well, using older chips is normal, but you can’t use older AWS; it’s not available. At the moment, all of AWS supports AES-NI.
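
The check this thread's AES-NI discussion turns on, as an added example that is not any commenter's code: read the CPU flags the (possibly virtualized) guest actually sees and order OpenSSH's AEAD ciphers accordingly. The preference order and the function names `has_flag` and `cipher_order` are assumptions of this example, which expects the x86 Linux `/proc/cpuinfo` format.

```shell
#!/bin/sh
# Added example: choose an OpenSSH cipher preference from the CPU flags
# visible inside this machine or VM (x86 Linux /proc/cpuinfo assumed).

# has_flag FLAGS FLAG: succeeds only if FLAG appears as a whole word,
# so "vaes" does not count as "aes".
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# cipher_order CPUINFO_TEXT: prints a comma-separated value for the
# ssh_config/sshd_config "Ciphers" option.
cipher_order() {
    # Take the first "flags : ..." line; all cores normally report the same set.
    flags=$(printf '%s\n' "$1" |
        sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)
    if has_flag "$flags" aes && has_flag "$flags" pclmulqdq; then
        # AES-NI and CLMUL are exposed: hardware-accelerated AES-GCM first.
        echo "aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
    else
        # Old, embedded, or a hypervisor hiding the flags: ChaCha20 first.
        echo "chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com"
    fi
}

# Constructed sample inputs (not captured from real hosts).
SAMPLE_WITH_AESNI='processor       : 0
flags           : fpu vme sse2 ssse3 pclmulqdq aes avx'
SAMPLE_NO_AESNI='processor       : 0
flags           : fpu vme sse2 ssse3 avx hypervisor'

# On a live Linux host, print a ready-to-paste config line.
if [ -r /proc/cpuinfo ]; then
    echo "Ciphers $(cipher_order "$(cat /proc/cpuinfo)")"
fi
```

Run it inside the guest rather than on the hypervisor host, since the point raised above is what the VM exposes; a single transfer can also override the order with `ssh -c <cipher>`.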