Disallow Encrypt-And-MAC MAC algorithms in modern config #192

mtausig · 2024-08-09T08:56:43Z

The current version of the "Modern configuration" includes the MAC schemes

hmac-sha2-512
hmac-sha2-256
umac-128@openssh.com

Those MAC schemes use SSH's classic Encrypt-and-MAC methodology, which is well known to have cryptographic flaws (e.g., see this paper by Bellare et.al or https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html).

Usage of those algorithms is also flagged by ssh-audit:

[...]
# message authentication code algorithms
(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 6.2
[...]

I would therefore suggest to remove the algorithms mentioned from the recommendation.

DIsallow Encrypt-And-MAC MAC algorithms in modern config

7b6cf7b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disallow Encrypt-And-MAC MAC algorithms in modern config #192

Disallow Encrypt-And-MAC MAC algorithms in modern config #192

mtausig commented Aug 9, 2024

Disallow Encrypt-And-MAC MAC algorithms in modern config #192

Are you sure you want to change the base?

Disallow Encrypt-And-MAC MAC algorithms in modern config #192

Conversation

mtausig commented Aug 9, 2024