Hacker News new | past | comments | ask | show | jobs | submit login

Ansible is relying on SSH for security and does not use any homebrew crypto or protocols by default.



https://linux.die.net/man/3/ansible.fireball

It definitely has them however.


You can use salt over SSH, but it is not the default.


ansible-vault is homebrew crypto


it uses the standard cryptography or pycrypto backends as everything else


> homebrew crypto

AES-256?


I don't understand this claim. ansible-vault uses AES256 which is anything but homebrew.


This is why like me, you're not a cryptographer. AES256 is a cipher, its one component of a cryptosystem. Analysing cryptosystems is a complex area that does not involve vetting software for buzzwords.

I can take AES256 and make it output the image here: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation...

That's not supposed to happen. The part where homebrew diverges from cryptography is that the former involves engineers like us connecting buzzwords together to produce images like the Wikipedia article, the latter involves complex math and rigorous peer review.


I think you're just trolling


Salt uses AES too. The problem is it puts together standard primitives in homebrew protocols. Cryptographic protocol design is as likely to mess your system up as cryptographic primitive design.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: