From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mcr@sandelman.ca>
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 0722F21F4F7
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 24 Oct 2014 10:52:54 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21])
	by tuna.sandelman.ca (Postfix) with ESMTP id 2F0A520028;
	Fri, 24 Oct 2014 13:53:54 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179)
	id 6F5A863A84; Fri, 24 Oct 2014 13:52:52 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1])
	by sandelman.ca (Postfix) with ESMTP id 596E463A21;
	Fri, 24 Oct 2014 13:52:52 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Maciej Soltysiak <maciej@soltysiak.com>
In-Reply-To: <CAMZR1YA9vEOm2h51zz+ZWV8RXQPjfFvJGSKmo-jtiQAb6XZevw@mail.gmail.com>
References: <CAMZR1YA9vEOm2h51zz+ZWV8RXQPjfFvJGSKmo-jtiQAb6XZevw@mail.gmail.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;
	<'$9xN5Ub#
	z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
Date: Fri, 24 Oct 2014 13:52:52 -0400
Message-ID: <4186.1414173172@sandelman.ca>
Sender: mcr@sandelman.ca
Cc: "cerowrt-devel@lists.bufferbloat.net" <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Available MACs in dropbear
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2014 17:53:23 -0000


Maciej Soltysiak <maciej@soltysiak.com> wrote:
    > For some reason dropbear doesn't have modern MACs for SSH. On cero
    > 3.10.36 I've got Dropbear SSH client v2013.59:

Just to make sure you are clear: hmac-md5 is not subject to any of the
preimage attacks that md5 is subject to.  It's not the same thing.

    > The reason why it hurts me is that I have servers configured according
    > to bettercrypto.org and I can't connect from cero (rare occasions, but

1) MD5 != HMAC-MD5.
2) SSHv2 is not SSL, and POODLE would be impossible against SSHv2 (or IPsec
   for that matter).

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [