Opened 4 years ago

Last modified 3 years ago

#8555 new enhancement

Support hmac-sha2-512-etm@openssh.com cipher

Reported by: lbort
Owned by: dkocher
Priority: normal
Milestone:
Component: sftp
Version: 4.6.4
Severity: normal
Keywords: ssh, MAC
Cc:
Architecture:
Platform:

Description

This is in the line of tickets #8488, #8528 and #8537, but not as urgent as the key exchange algorithms.

Standard procedure with hmac-sha-512 is to Encrypt-and-Mac, which might lead to some side channel attacks, according to https://stribika.github.io/2015/01/04/secure-secure-shell.html

Encrypt-then-Mac should fix that. Personally I only care about the 512-bit version of that MAC, but if it is easy to add, hmac-sha2-256-etm@… can be included as well for compatibility.
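
An added example (not part of the ticket or of Cyberduck's code) contrasting the two packet layouts the description refers to: the RFC 4253 MAC computed over the plaintext packet, and the `-etm@openssh.com` variant, which leaves the length in clear, authenticates the ciphertext and verifies it before any decryption. The keys, payload and SHA-256 counter-mode keystream are constructed stand-ins, SSH padding is omitted, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

TAG = 64  # bytes in an HMAC-SHA-512 tag

def keystream_xor(key, seq, data):
    # Stand-in stream cipher (SHA-256 in counter mode), not a real SSH cipher.
    ks = b"".join(hashlib.sha256(key + struct.pack(">IQ", seq, i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def tag(key, seq, data):
    return hmac.new(key, struct.pack(">I", seq) + data, hashlib.sha512).digest()

def seal_eam(ek, mk, seq, payload):
    # hmac-sha2-512: length is encrypted, tag covers seq || plaintext packet.
    packet = struct.pack(">I", len(payload)) + payload
    return keystream_xor(ek, seq, packet) + tag(mk, seq, packet)

def open_eam(ek, mk, seq, wire, stats):
    packet = keystream_xor(ek, seq, wire[:-TAG])  # must decrypt before verifying
    stats["decrypts"] += 1
    ok = hmac.compare_digest(wire[-TAG:], tag(mk, seq, packet))
    return packet[4:] if ok else None

def seal_etm(ek, mk, seq, payload):
    # -etm variant: length in clear, tag covers seq || length || ciphertext.
    body = struct.pack(">I", len(payload)) + keystream_xor(ek, seq, payload)
    return body + tag(mk, seq, body)

def open_etm(ek, mk, seq, wire, stats):
    body = wire[:-TAG]
    if not hmac.compare_digest(wire[-TAG:], tag(mk, seq, body)):
        return None  # rejected; the cipher never touches unauthenticated bytes
    stats["decrypts"] += 1
    return keystream_xor(ek, seq, body[4:])

def demo(payload=b"constructed SFTP payload"):
    ek, mk, out = b"E" * 32, b"M" * 64, {}  # constructed keys
    for name, seal, unseal in (("eam", seal_eam, open_eam), ("etm", seal_etm, open_etm)):
        wire = bytearray(seal(ek, mk, 7, payload))
        clean = unseal(ek, mk, 7, bytes(wire), {"decrypts": 0})
        wire[5] ^= 0x01  # one ciphertext bit flipped in transit
        stats = {"decrypts": 0}
        tampered = unseal(ek, mk, 7, bytes(wire), stats)
        out[name] = (clean, tampered, stats["decrypts"])
    return out
```

`demo()` returns, per mode, the payload recovered from the clean packet, the result for the tampered packet, and how many decryptions the receiver performed on the tampered one.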

Change History (1)

comment:1 Changed 3 years ago by dkocher

  • Summary changed from Support hmac-sha2-512-etm@openssh.com to Support hmac-sha2-512-etm@openssh.com cipher