On 3/9/22 08:52, Alexander Sosedkin wrote: > On Wed, Mar 9, 2022 at 2:47 PM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: >> >> Previous tightening of crypto defaults caused problems with us >> connecting to older ssh servers. >> >> I am particularly interested / worried about sshd from RHEL 5, 6 & 7 >> for virt-p2v and virt-v2v conversions. This broke before, requiring >> us to advise users to set the global policy for the machine to LEGACY >> (thus ironically weakening crypto for everything). >> >> Also I have some ancient network equipment that cannot be upgraded but >> needs older ssh protocols. I can't connect to it from Fedora unless I >> set the crypto policy to LEGACY. >> >> Anyway I'm wondering if the SHA-1 change will impact ssh further? > > IIRC, the only SHA-1 thing that should be left in DEFAULT for SSH > is SHA-1 as HMAC, which doesn't rely on collision resistance. > So, not this round. SHA-1 HMAC is still considered to be a perfectly good MAC. For new protocols, I recommend using Blake2b instead, but that is purely for performance reasons, not because HMAC-SHA-1 is broken. There are no known attacks on HMAC-SHA-1, and it is actually stronger than AES-128 in CBC-MAC (160 bits of security vs. 128). -- Sincerely, Demi Marie Obenour (she/her/hers)
Attachment:
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
