Google Git
Sign in
go / crypto / a59c127441a8ae2ad9b0fb300ab36a6558bba697
commita59c127441a8ae2ad9b0fb300ab36a6558bba697[log] [tgz]
authorHan-Wen Nienhuys <hanwen@google.com>Tue Jan 17 18:15:27 2017 +0100
committerHan-Wen Nienhuys <hanwen@google.com>Mon Jan 30 09:33:53 2017 +0000
treea0c1186e0a10e0886d469d98f4936a2c054205d1
parent6fb066875c8002ccd49dbd9a16b522711cb8f59d [diff]
ssh: rationalize rekeying decisions.

1) Always force a key exchange if we exchange 2^31 packets. In the past
this might not happen if RekeyThreshold was set to a very large
interval.

2) Follow recommendations from RFC 4344 for block ciphers. For AES, we
can encrypt 2^(blocksize/4) blocks under the same keys.

On modern hardware, the previous default of 1Gb could force a key
exchange within ~10 seconds. Since the key exchange takes 3 roundtrips
(send kex init, send DH init, send NEW_KEYS), this is relatively
expensive on high-latency links.

Change-Id: I1297124a307c541b7bf22d814d136ec0c6d8ed97
Reviewed-on: https://go-review.googlesource.com/35410
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
2 files changed
tree: a0c1186e0a10e0886d469d98f4936a2c054205d1
  1. acme/
  2. bcrypt/
  3. blake2b/
  4. blake2s/
  5. blowfish/
  6. bn256/
  7. cast5/
  8. chacha20poly1305/
  9. curve25519/
  10. ed25519/
  11. hkdf/
  12. md4/
  13. nacl/
  14. ocsp/
  15. openpgp/
  16. otr/
  17. pbkdf2/
  18. pkcs12/
  19. poly1305/
  20. ripemd160/
  21. salsa20/
  22. scrypt/
  23. sha3/
  24. ssh/
  25. tea/
  26. twofish/
  27. xtea/
  28. xts/
  29. .gitattributes
  30. .gitignore
  31. AUTHORS
  32. codereview.cfg
  33. CONTRIBUTING.md
  34. CONTRIBUTORS
  35. LICENSE
  36. PATENTS
  37. README