[Cyberduck-trac] [Cyberduck] #8555: Support hmac-sha2-512-etm at openssh.com
Cyberduck
trac at trac.cyberduck.io
Fri Feb 6 08:47:44 UTC 2015
#8555: Support hmac-sha2-512-etm at openssh.com
----------------------------+----------------------
Reporter: lbort | Owner: dkocher
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: sftp | Version: 4.6.4
Severity: normal | Keywords: ssh, MAC
Architecture: | Platform:
----------------------------+----------------------
This is in the line of tickets #8488, #8528 and #8537, but not as urgent
as the key exchange algorithms.
Standard procedure with hmac-sha-512 is to Encrypt-and-Mac, which might
lead to some side channel attacks, according to
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Encrypt-then-Mac should fix that. Personally I only care about the 512-bit
version of that MAC, but if it is easy to add, hmac-
sha2-256-etm at openssh.com can be included as well for compatibility.
--
Ticket URL: <https://trac.cyberduck.io/ticket/8555>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list