Cyberduck Mountain Duck CLI

#8555 closed enhancement (fixed)

Support hmac-sha2-512-etm@openssh.com cipher

Reported by: lbort Owned by: dkocher
Priority: normal Milestone: 6.9.0
Component: sftp Version: 4.6.4
Severity: normal Keywords: ssh, MAC
Cc: Architecture:
Platform:

Description

This is in the line of tickets #8488, #8528 and #8537, but not as urgent as the key exchange algorithms.

Standard procedure with hmac-sha-512 is to Encrypt-and-Mac, which might lead to some side channel attacks, according to https://stribika.github.io/2015/01/04/secure-secure-shell.html

Encrypt-then-Mac should fix that. Personally I only care about the 512-bit version of that MAC, but if it is easy to add, hmac-sha2-256-etm@… can be included as well for compatibility.

Change History (2)

comment:1 Changed on Jul 1, 2015 at 9:03:11 AM by dkocher

  • Summary changed from Support hmac-sha2-512-etm@openssh.com to Support hmac-sha2-512-etm@openssh.com cipher

comment:2 Changed on Jun 5, 2020 at 1:17:43 PM by dkocher

  • Milestone set to 6.9.0
  • Resolution set to fixed
  • Status changed from new to closed

Support was added upstream in 4de9f8ab9fd1e8c7a3c9b4fb0d5f82d58eb4c0a0.

Last edited on Jun 5, 2020 at 1:18:07 PM by dkocher (previous) (diff)
Note: See TracTickets for help on using tickets.
swiss made software