jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License
3.37k stars 176 forks

Why is there a warning of using hmac-sha2-512/256? #140

Closed mpet closed 1 year ago

mpet commented 2 years ago

Hi,

We had some guys in our project running an audit with this tool. They got the following message.

[image]

Now they want to remove the support for these MAC algorithms. Could you explain why these algorithms are not secure? I googled it and could not find any facts supporting it.

br,

//mike

egberts commented 2 years ago

SHA2 is like an either-or algorithm, and one of its digest algorithms is weak enough to fit the audit of “weak”?

mpet commented 2 years ago

Where is the common consensus for this opinion? Which digest algorithm are you referring to? Where can I read about it?

egberts commented 2 years ago

SHA-2 is a 21-year-old standard. And is easily collided.

https://eprint.iacr.org/2011/286.pdf

thecliguy commented 2 years ago

Keep in mind that these are warnings rather than failures.

The warning note relates to the use of encrypt-and-mac mode.

I'd suggest that you research what the current prevailing consensus is on the alternative to encrypt-and-mac, which is encrypt-then-mac.

You can see what ssh-audit has to say about the encrypt-and-mac and encrypt-then-mac variants of these algorithms by running the following command:

ssh-audit --lookup=hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com

severach commented 1 year ago

Years of research have shown that IPSec's choice of EtM is the only secure way.

Though the command line colors -etm MACs green, the website colors -etm black. That's because ctr-etm is secure but is going away for something better. TLS 1.3 is going to AEAD only and your SSH servers should too. No more roll-your-own encryption from buckets of ciphers and MACs. The future is all aes-gcm and chacha20-poly1305, where the advertised MACs are no longer relevant.

jtesta commented 1 year ago

Thanks @egberts, @thecliguy, and @severach for helping with this question!
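
The encrypt-and-MAC versus encrypt-then-MAC distinction raised in the thread, as an added example that is not part of the thread or of ssh-audit: the plain hmac-sha2-* MACs authenticate the plaintext packet, so a receiver must decrypt untrusted data before it can verify anything, while the -etm variants authenticate the ciphertext and reject tampering before decryption. Assumptions: packet padding is omitted, the keys and payload are constructed, `xor_stream` is a stand-in cipher rather than a real SSH cipher, and all function names are hypothetical.

```python
import hashlib, hmac, struct

def xor_stream(key, seq, data):
    """Stand-in stream cipher (SHA-256 in counter mode), not a real SSH cipher."""
    ks = b"".join(hashlib.sha256(key + struct.pack(">IQ", seq, i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def tag(mac_key, seq, data):
    # Both modes prepend the 32-bit packet sequence number to the MAC input.
    return hmac.new(mac_key, struct.pack(">I", seq) + data, hashlib.sha256).digest()

def seal_eam(ek, mk, seq, payload):
    # hmac-sha2-256: length is encrypted, MAC covers the *plaintext* packet.
    packet = struct.pack(">I", len(payload)) + payload
    return xor_stream(ek, seq, packet) + tag(mk, seq, packet)

def open_eam(ek, mk, seq, wire, stats):
    ct, mac = wire[:-32], wire[-32:]
    stats["decrypted_before_auth"] += 1      # no way to check the MAC without decrypting
    packet = xor_stream(ek, seq, ct)
    return packet[4:] if hmac.compare_digest(mac, tag(mk, seq, packet)) else None

def seal_etm(ek, mk, seq, payload):
    # hmac-sha2-256-etm@openssh.com: length in clear, MAC covers length || ciphertext.
    body = struct.pack(">I", len(payload)) + xor_stream(ek, seq, payload)
    return body + tag(mk, seq, body)

def open_etm(ek, mk, seq, wire, stats):
    body, mac = wire[:-32], wire[-32:]
    if not hmac.compare_digest(mac, tag(mk, seq, body)):
        return None                          # rejected; cipher never touches the data
    return xor_stream(ek, seq, body[4:])

def run_demo():
    ek, mk, payload = b"E" * 32, b"M" * 32, b"constructed payload"  # constructed values
    results = {}
    for name, seal, open_ in (("eam", seal_eam, open_eam), ("etm", seal_etm, open_etm)):
        stats = {"decrypted_before_auth": 0}
        wire = bytearray(seal(ek, mk, 7, payload))
        intact = open_(ek, mk, 7, bytes(wire), stats)
        wire[5] ^= 0x01                      # flip one ciphertext bit in transit
        tampered = open_(ek, mk, 7, bytes(wire), stats)
        results[name] = (intact, tampered, stats["decrypted_before_auth"])
    return results

if __name__ == "__main__":
    print(run_demo())
```

Both modes reject the tampered packet; the third value in each result shows how many times the cipher ran on data that had not yet been authenticated.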