[Cerowrt-devel] Available MACs in dropbear
Maciej Soltysiak
maciej at soltysiak.com
Fri Oct 24 14:40:55 EDT 2014
On Fri, Oct 24, 2014 at 7:52 PM, Michael Richardson <mcr at sandelman.ca> wrote:
> > The reason why it hurts me is that I have servers configured according
> > to bettercrypto.org and I can't connect from cero (rare occasions, but
>
> 1) MD5 != HMAC-MD5.
That I didn't know, thanks Michael. For some reason bettercrypto.org
people make sure not to use hmac-md5 by suggesting the following:
MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
I believe I'd be able to connect to if SHA256 or SHA512 was enabled here:
https://github.com/dtaht/cerowrt-3.10/blob/master/package/network/services/dropbear/patches/120-openwrt_options.patch
> 2) SSHv2 is not SSL, and POODLE would be impossible against SSHv2 (or IPsec
> for that matter).
That, I'm aware of, yes.
Best regards,
Maciej
More information about the Cerowrt-devel
mailing list