Open Dreamsorcerer opened 8 months ago
On the slim chance the project ever gets revived: https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
TLDR: chacha20-poly1305@openssh.com needs to be removed from the list of supported ciphers (and certainly shouldn't be the preferred cipher anymore)
On the slim chance the project ever gets revived: https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
TLDR: chacha20-poly1305@openssh.com needs to be removed from the list of supported ciphers (and certainly shouldn't be the preferred cipher anymore)