In message <20001209005534.A12293@folly>, Markus Friedl writes:
>On Mon, Nov 27, 2000 at 04:02:13PM -0800, Gordon Fritsch wrote:
>> OK. So what you are saying is that Twofish is 16 bytes and SHA-1 uses 20
>> bytes.
>
>no, i say that twofish needs 32 bytes for keys but the
>algorithm used for generating the session keys uses
>SHA1 internally, so the entropy of the session key
>is not more than 20 bytes.

Well, it shouldn't be hard to switch to SHA2-512. But Twofish accepts
several key sizes, including 16 bytes, so there's likely no serious
loss. (Does OpenSSH really use the 32-byte key version of Twofish?
Why?)

The real weakness is in the pass phrase, which certainly doesn't have
that much entropy, and maybe in the random number generator that's
producing the actual keys...

--Steve Bellovin
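
Added example, not part of the original message and not OpenSSH's own code: the SSH-2 style key expansion (the scheme later standardized in RFC 4253 section 7.2, assumed here to be the derivation under discussion), showing how a 32-byte Twofish key is assembled from 20-byte SHA-1 outputs, while a 16-byte key or a SHA-512 based derivation needs only one digest. K, EXCHANGE_HASH and SESSION_ID are constructed sample values; derive_key and mpint are names chosen for this example.

```python
import hashlib

def mpint(n: int) -> bytes:
    """SSH mpint encoding of a non-negative integer (length-prefixed, sign bit clear)."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    # bit_length // 8 + 1 bytes always leaves the top bit of the first byte clear
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return len(body).to_bytes(4, "big") + body

def derive_key(k, h, session_id, letter, need, hash_name="sha1"):
    """Return (key, digests_used) for a key of `need` bytes.

    K1 = HASH(K || H || letter || session_id)
    Kn = HASH(K || H || K1 || ... || Kn-1)
    key = first `need` bytes of K1 || K2 || ...
    """
    def digest(data):
        return hashlib.new(hash_name, data).digest()

    prefix = mpint(k) + h
    out = digest(prefix + letter + session_id)
    used = 1
    while len(out) < need:
        # Every extra block is computed from the same K and H plus the
        # blocks already produced; no fresh secret input is mixed in.
        out += digest(prefix + out)
        used += 1
    return out[:need], used

# Constructed sample inputs (not taken from any real session).
K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest() * 4, "big")
EXCHANGE_HASH = hashlib.sha1(b"constructed exchange hash").digest()
SESSION_ID = EXCHANGE_HASH  # first key exchange: session id equals H

if __name__ == "__main__":
    for name, need in (("sha1", 16), ("sha1", 32), ("sha512", 32)):
        key, used = derive_key(K, EXCHANGE_HASH, SESSION_ID, b"C", need, name)
        print(f"{name:6} {need}-byte key from {used} digest(s): {key.hex()}")
```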