
Why is there a warning of using hmac-sha2-512/256?

Open mpet opened this issue 3 years ago • 4 comments

Hi,

We had some guys in our project running an audit with this tool. They got the following message.

image

Now they want to remove the support for these MAC algorithms. Could you explain why these algorithms are not secure? I googled it and could not find any facts supporting it.

br,

//mike

mpet avatar Jun 22 '22 07:06 mpet

SHA2 is like an either-OR algorithm and one of its digest algorithms is weak enough to fit the audit of “weak”?

egberts avatar Jun 22 '22 07:06 egberts

Where is the common consensus for this opinion? Which digest algorithm are you referring to? Where can I read about it?

mpet avatar Jun 22 '22 08:06 mpet

SHA-2 is a 21-year-old standard and is easily collided.

https://eprint.iacr.org/2011/286.pdf

egberts avatar Jun 22 '22 09:06 egberts

Keep in mind that these are warnings rather than failures.

The warning note relates to the use of encrypt-and-mac mode.

I'd suggest that you research what the current prevailing consensus is on the alternative to encrypt-and-mac which is encrypt-then-mac.

You can see what ssh-audit has to say about the encrypt-and-mac and encrypt-then-mac variants of these algorithms by running the following command:

ssh-audit --lookup=hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com

thecliguy avatar Jun 22 '22 22:06 thecliguy

Years of research have shown that IPSec's choice of EtM is the only secure way.

Though the command line colors -etm MAC green, the website colors -etm black. That's because ctr-etm is secure but is going away for something better. TLS 1.3 is going to AEAD only and your SSH servers should too. No more roll your own encryption from buckets of ciphers and MACs. The future is all aes-gcm and chacha20-poly1305 where the advertised MACs are no longer relevant.

severach avatar Mar 17 '23 02:03 severach
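
The three modes discussed in the comments above (encrypt-and-mac, encrypt-then-mac, AEAD) can be told apart from the negotiated algorithm names. The following is an added example, not part of the thread or of ssh-audit: it applies the RFC 4253 first-match rule to constructed client and server lists and reports which mode a connection would use. The helper names and sample lists are assumptions.

```python
# Added example: which integrity mode an SSH algorithm negotiation ends up in.
# All algorithm lists below are constructed sample input, not output from a real host.

# OpenSSH ciphers that authenticate the packet themselves (AEAD).
AEAD_CIPHERS = {
    "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com",
    "chacha20-poly1305@openssh.com",
}

def negotiate(client_prefs, server_prefs):
    """RFC 4253 section 7.1: first name in the client's list that the server offers."""
    for name in client_prefs:
        if name in server_prefs:
            return name
    return None

def integrity_mode(cipher, mac):
    """Classify a negotiated cipher/MAC pair (hypothetical helper for this example)."""
    if cipher is None:
        return "no-common-cipher"
    if cipher in AEAD_CIPHERS:
        return "aead"                 # the advertised MAC is not used at all
    if mac is None:
        return "no-common-mac"
    if mac.endswith("-etm@openssh.com"):
        return "encrypt-then-mac"     # MAC covers the ciphertext, checked before decrypting
    return "encrypt-and-mac"          # no -etm suffix: MAC covers the plaintext packet

def assess(client, server):
    cipher = negotiate(client["ciphers"], server["ciphers"])
    mac = negotiate(client["macs"], server["macs"])
    return cipher, mac, integrity_mode(cipher, mac)

# Constructed client preferences: AEAD first, then CTR with EtM, then plain HMAC.
CLIENT = {
    "ciphers": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr"],
    "macs": ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
             "hmac-sha2-512", "hmac-sha2-256"],
}
# Constructed server profiles: the one that draws the warning, and two alternatives.
SERVERS = {
    "plain-hmac": {"ciphers": ["aes256-ctr"], "macs": ["hmac-sha2-512", "hmac-sha2-256"]},
    "etm-only": {"ciphers": ["aes256-ctr"], "macs": ["hmac-sha2-512-etm@openssh.com"]},
    "aead": {"ciphers": ["aes256-gcm@openssh.com", "aes256-ctr"], "macs": ["hmac-sha2-256"]},
}

if __name__ == "__main__":
    for label, server in SERVERS.items():
        print(label, assess(CLIENT, server))
```

Note that the "aead" profile still advertises a plain hmac-sha2-256, yet the connection never uses it because an AEAD cipher is negotiated first.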

Thanks @egberts, @thecliguy, and @severach for helping with this question!

jtesta avatar Mar 21 '23 16:03 jtesta