Comments (5)
Hi Shaun, and thank you for showing me where to look. I knew about "MAC-then-encrypt" and "Encrypt-then-MAC" but I did not know what "encrypt-and-MAC" meant. I could not find anything about that in the OpenSSH documentation. As I read here, this means to calculate the MAC of the clear text and append it to the encrypted text. This is wrong, of course. The only safe way to go is "encrypt-then-MAC", which appends the MAC of the encrypted text. So, thanks for pointing this out and, yes, you are right, one should only use the options ending in "-etm" and now I understand the warning. You made my day :-).
from ssh-audit.
Give https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html a read
Edit (01Jan2022): came here to get this link and it was dead, updated to the new format
Hello, Plloi and thanks for your answer. This is exactly what I meant: Moxie (and other cryptographers) say that MAC-then-Encrypt is a very bad idea. However, hmac-sha2-256 is "Encrypt-then-MAC" which Moxie describes in his blog post as "The third way, 'encrypt-then-authenticate,' is optimal because it does not violate the doom principle." So, there should be no warning about an "optimal" way to handle HMACs.
I'm not an expert so I may be wrong, but I believe the SSH implementation of hmac-sha2-256 is encrypt-and-MAC; there is a separate option hmac-sha2-256-etm that is encrypt-then-MAC.
No problem, glad I could help.
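To make the difference discussed in this thread concrete, here is an added illustration (not code from ssh-audit or OpenSSH) of the two compositions the comments name: `hmac-sha2-256`, where the tag is computed over the plaintext (encrypt-and-MAC), and `hmac-sha2-256-etm`, where the tag is computed over the ciphertext (encrypt-then-MAC). The cipher is a constructed toy keystream (SHA-256 in counter mode) standing in for the real block cipher, and the packet layout is simplified to "ciphertext || tag"; the SSH detail kept is that the MAC covers the sequence number. The observable difference is which side of the MAC check the decryption runs on: with the non-etm mode the receiver must run its decryption code on unverified, possibly attacker-modified bytes before it can check the tag, whereas the etm mode rejects a tampered packet before decrypting anything. (In real SSH the non-etm modes also encrypt the packet length field, so the receiver has to decrypt even to learn how many bytes the MAC covers, which is the practical reason ssh-audit flags them.)

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA-256 output size


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed toy keystream (SHA-256 in counter mode). Illustration only,
    not a real cipher; it exists so the composition order can be shown."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def _mac(mac_key: bytes, seqno: int, data: bytes) -> bytes:
    # As in SSH, the MAC covers the 32-bit packet sequence number plus the data.
    return hmac.new(mac_key, seqno.to_bytes(4, "big") + data, hashlib.sha256).digest()


def seal(mode: str, enc_key: bytes, mac_key: bytes, seqno: int, plaintext: bytes) -> bytes:
    """Return ciphertext || tag under the requested composition."""
    nonce = seqno.to_bytes(8, "big")
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    if mode == "encrypt-and-mac":      # hmac-sha2-256: tag over the plaintext
        tag = _mac(mac_key, seqno, plaintext)
    elif mode == "encrypt-then-mac":   # hmac-sha2-256-etm: tag over the ciphertext
        tag = _mac(mac_key, seqno, ct)
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return ct + tag


def open_packet(mode: str, enc_key: bytes, mac_key: bytes, seqno: int,
                packet: bytes, stats: dict):
    """Verify and decrypt; returns the plaintext or None on a bad tag.
    stats["decrypt_before_verify"] counts decryptions run on unverified input."""
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    nonce = seqno.to_bytes(8, "big")
    if mode == "encrypt-then-mac":
        # Tag is checked first; a tampered packet never reaches the decryptor.
        if not hmac.compare_digest(_mac(mac_key, seqno, ct), tag):
            return None
        return _xor(ct, _keystream(enc_key, nonce, len(ct)))
    # encrypt-and-mac: the tag is over plaintext, so we must decrypt first,
    # feeding attacker-controlled bytes into the decryption path.
    stats["decrypt_before_verify"] += 1
    pt = _xor(ct, _keystream(enc_key, nonce, len(ct)))
    if not hmac.compare_digest(_mac(mac_key, seqno, pt), tag):
        return None
    return pt


def demo() -> dict:
    """Round-trip and a one-bit ciphertext tamper under both modes."""
    enc_key = b"constructed-enc-key"   # constructed sample keys
    mac_key = b"constructed-mac-key"
    msg = b"SSH_MSG_CHANNEL_DATA: hello"  # constructed sample payload
    results = {}
    for mode in ("encrypt-and-mac", "encrypt-then-mac"):
        stats = {"decrypt_before_verify": 0}
        pkt = seal(mode, enc_key, mac_key, 7, msg)
        good = open_packet(mode, enc_key, mac_key, 7, pkt, stats)
        tampered = bytes([pkt[0] ^ 0x01]) + pkt[1:]   # flip one ciphertext bit
        bad = open_packet(mode, enc_key, mac_key, 7, tampered, stats)
        results[mode] = {
            "roundtrip": good == msg,
            "tampered_accepted": bad is not None,
            "decrypt_before_verify": stats["decrypt_before_verify"],
        }
    return results


if __name__ == "__main__":
    for mode, r in demo().items():
        print(mode, r)
```

Both modes reject the tampered packet, so the point is not that encrypt-and-MAC fails to authenticate; it is that its receiver ran the decryptor twice on unverified input (once for the good packet, once for the tampered one) while the etm receiver ran it zero times on anything it had not already authenticated. That ordering is what Moxie's "doom principle" is about, and why the advice in this thread is to prefer the `-etm` MACs.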