2

I have an old version of netbsd which I am using. I wanted to configure the openssh to use strong ciphers and macs, but when saw the available macs it did not have support for SHA256 and higher. macs supported are

macs[] = {
    { "hmac-sha1",          SSH_EVP, EVP_sha1, 0, -1, -1 },
    { "hmac-sha1-96",       SSH_EVP, EVP_sha1, 96, -1, -1 },
    { "hmac-md5",           SSH_EVP, EVP_md5, 0, -1, -1 },
    { "hmac-md5-96",        SSH_EVP, EVP_md5, 96, -1, -1 },
    { "hmac-ripemd160",     SSH_EVP, EVP_ripemd160, 0, -1, -1 },
    { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
#ifdef UMAC_HAS_BEEN_UNBROKEN
    { "umac-64@openssh.com",    SSH_UMAC, NULL, 0, 128, 64 },
#endif
    { NULL,             0, NULL, 0, -1, -1 }
};

But when I check for supported ciphers for key exchange, I find that SHA256 can be used

#define KEX_DH1         "diffie-hellman-group1-sha1"
#define KEX_DH14        "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1      "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256    "diffie-hellman-group-exchange-sha256"

How is that. If there is an implementation of SHA256 in my netbsd openssh, why isn't it available as a mac cipher?

Haris
  • 12,120
  • 6
  • 43
  • 70
  • What is the OpenSSH version you have there? The SHA2 usage in MAC and in Key exchange is totally distinct and one does not affect the other. If SHA2 is used in either of them depends on the availability of this hash in underlying OpenSSL, but also if the OpenSSH implemented such algorithm. – Jakuje Aug 18 '17 at 13:10
  • @Jakuje, My netbsd has Openssh V5.0 – Haris Aug 18 '17 at 13:20
  • Don't confuse the use of hash algorithms in message authentication codes (HMACs) with other uses of hash algorithms such as in PKI certificate signing or key exchanges. They're different. See [Why is HMAC-SHA1 still considered secure?](https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure) and [HMAC-SHA1 vs HMAC-SHA256](https://crypto.stackexchange.com/questions/15382/hmac-sha1-vs-hmac-sha256) As of the time I write this, there is no known reason to require HMAC-SHA256 over HMAC-SHA1 – Andrew Henle Aug 18 '17 at 14:38

1 Answers1

2

OpenSSH 5.0 had support for SHA-256 key exchange algorithm, but not for MACs with SHA-256 hashes. For the reference, there is a source code:

https://github.com/openssh/openssh-portable/blob/V_5_0_P1/myproposal.h

The SHA256 usage in MAC and in Key exchange is totally distinct and one does not affect the other. If SHA256 is used in either of them depends on the availability of this hash in underlying OpenSSL, but also if the OpenSSH implemented such algorithm. 10 years ago (2007), it was implemented only as a key exchange algorithm (the MAC were standardized later).

The original RFC4253 does not list any SHA256 algorithms. The DH key exchange method was standardized in RFC4419 (2006), but the HMACS using SHA2 were standardized as late as in 2012 in RFC6668.

Your version is between them, where there was no standard for this so it was not implemented.

Community
  • 1
  • 1
Jakuje
  • 24,773
  • 12
  • 69
  • 75
  • Thanks. So, how would I find out if my openssh is using the SHA256 from openssl or it has its own implementation. – Haris Aug 18 '17 at 13:38
  • OpenSSH does not have its implementation of SHA256 (and any other crypto, except ed25519 pk, curve25519 key exchange and chacha20-poly1305 cipher these days. It is always using OpenSSL for SHA256. – Jakuje Aug 18 '17 at 13:42
  • And [HMAC-SHA1 is still believed to be safe](https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure) – Andrew Henle Aug 18 '17 at 14:41