- New FIPS 180-2 hashes in OpenSSH?
July 10, 2005, 9:48 pm
be included for password hashing options (message authentication) for
sshd. Specifically in the sshd_config man page:
MACs Specifies the available MAC (message authentication code)
algorithms. The MAC algorithm is used in protocol version 2 for data
integrity protection. Multiple algorithms must be comma-separated. The
The new version of OpenSSL, 0.98, now has support for these stronger
versions of SHA, and given the fact that it was recently shown by
researchers that SHA1 is vulnerable to a key-space attack in 2^69
operations as opposed to 2^80, meaning with hardware in a year or two
SHA1 will become less effective, both ssh client and server should
probably start supporting these.
Does anyone know if this is in the works for openssh?
Just because you're paranoid doesn't mean that no one is out to get you!
Re: New FIPS 180-2 hashes in OpenSSH?
This isn't a problem for HMAC, since breaking it requires a preimage attack,
not a collision attack. Thus, HMAC-SHA1 still requires 2^160 work to break.
Even HMAC-MD5 should be strong enough for most purposes at present, since
an HMAC cracker has to work within the rekey time (the default for which is
an hour) to be useful, unlike a cracker for the symmetric-encryption
The standard SSH-2 key-exchange methods also use SHA-1, but I think they're
resistant to collision attacks, at least when used with standard RSA and DSA
host keys. In any case, key-exchange methods using stronger hashes are in
the process of being standardised.
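The following is an added example, not part of the thread or of OpenSSH's code. It builds HMAC from its RFC 2104 definition and applies it the way SSH-2 computes a packet MAC (RFC 4253 section 6.4), using SHA-1 and SHA-256 as the underlying hash. The function names, key and packet bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hmac_rfc2104(hash_name, key, msg):
    """HMAC from its definition: H((K ^ opad) || H((K ^ ipad) || msg))."""
    block = hashlib.new(hash_name).block_size
    if len(key) > block:                      # over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The inner digest is never sent on the wire; only the outer one is.
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def agrees_with_stdlib(hash_name, key, msg):
    """Cross-check the hand-built HMAC against Python's hmac module."""
    return hmac_rfc2104(hash_name, key, msg) == hmac.new(key, msg, hash_name).digest()


def ssh2_packet_mac(hash_name, key, seq, packet):
    """RFC 4253 section 6.4: mac = MAC(key, sequence_number || unencrypted_packet)."""
    return hmac_rfc2104(hash_name, key, struct.pack(">I", seq & 0xFFFFFFFF) + packet)


def verify(hash_name, key, seq, packet, tag):
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(ssh2_packet_mac(hash_name, key, seq, packet), tag)


# Constructed sample values, not taken from a real session.
KEY = bytes(range(32))
PACKET = b"constructed unencrypted packet bytes"

if __name__ == "__main__":
    for name in ("sha1", "sha256"):
        tag = ssh2_packet_mac(name, KEY, 7, PACKET)
        print(name, len(tag) * 8, "bit tag", tag.hex())
        print("  genuine packet   :", verify(name, KEY, 7, PACKET, tag))
        print("  one byte changed :", verify(name, KEY, 7, PACKET[:-1] + b"X", tag))
        print("  replayed as seq 8:", verify(name, KEY, 8, PACKET, tag))
```

Because the sequence number is part of the MAC input, a tag that verifies for one packet position is rejected at any other, which is what the last check shows.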