Hi,

I got 2 questions related to info in the SLOTH article, can someone help with these?

1. For SSH2 exposure for the (CVE-2015-7575) SLOTH (http://www.mitls.org/pages/attacks/SLOTH), the chart in that URL identifies a downgrade attack for SSH2 protocol, Key Exchange Integrity SHA1. Is the remediation for that vulnerability to modify the config files to remove the MD5 and SHA1 as MACs (Message Authentication Codes)?

2. Is there any exposure related to using the ssh-keygen for the initial creation of the public/private key pairs or the exposure of the related fingerprint used (https://en.wikipedia.org/wiki/Public_key_fingerprint)?

Thanks

Regards
Sandeep
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev