[Cerowrt-devel] Available MACs in dropbear

Maciej Soltysiak maciej at soltysiak.com
Fri Oct 24 14:40:55 EDT 2014


On Fri, Oct 24, 2014 at 7:52 PM, Michael Richardson <mcr at sandelman.ca> wrote:
>     > The reason why it hurts me is that I have servers configured according
>     > to bettercrypto.org and I can't connect from cero (rare occasions, but
>
> 1) MD5 != HMAC-MD5.
That I didn't know, thanks Michael. For some reason bettercrypto.org
people make sure not to use hmac-md5 by suggesting the following:
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

I believe I'd be able to connect if SHA256 or SHA512 were enabled here:
https://github.com/dtaht/cerowrt-3.10/blob/master/package/network/services/dropbear/patches/120-openwrt_options.patch


> 2) SSHv2 is not SSL, and POODLE would be impossible against SSHv2 (or IPsec
>    for that matter).
That, I'm aware of, yes.

Best regards,
Maciej
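
The mismatch discussed in this message, as an added example that is not part of the original post or of dropbear's code: SSH picks the first MAC on the client's list that the server also offers (RFC 4253, section 7.1), so a server restricted to the MACs line quoted above rejects a client that offers only SHA-1 and MD5 based MACs. The two client lists and the helper names are assumptions made for illustration; they are not dropbear's actual build-time lists.

```python
# Constructed sshd_config fragment; the MACs value is the one quoted in the message.
SSHD_CONFIG = """\
# constructed sample
Protocol 2
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
"""

# Assumption: a client built with only SHA-1 and MD5 based MACs.
LEGACY_CLIENT = ["hmac-sha1-96", "hmac-sha1", "hmac-md5"]
# Assumption: the same client after SHA-2 HMACs are enabled at build time.
PATCHED_CLIENT = ["hmac-sha2-256", "hmac-sha2-512"] + LEGACY_CLIENT


def server_macs(config_text):
    """Return the name-list of the first MACs directive, or None if absent.

    sshd uses the first value it obtains for a keyword. This parser assumes
    a plain comma-separated list (no '+', '-' or '^' prefix).
    """
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0].lower() == "macs":
            return fields[1].split(",")
    return None


def negotiate_mac(client_list, server_list):
    """RFC 4253 rule: first name on the client's list that the server supports."""
    for name in client_list:
        if name in server_list:
            return name
    return None  # no common MAC: algorithm negotiation fails


def report(client_list, config_text=SSHD_CONFIG):
    """Summarise the outcome for one client against the configured server."""
    allowed = server_macs(config_text)
    if allowed is None:
        return "server uses its default MAC list"
    return negotiate_mac(client_list, allowed) or "no matching MAC"


if __name__ == "__main__":
    print("legacy client: ", report(LEGACY_CLIENT))
    print("patched client:", report(PATCHED_CLIENT))
```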


