Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

"Being against torture ought to be sort of a bipartisan thing." -- Karl Lehenbauer

devel / comp.security.ssh / Re: Couldn't agree a client-to-server MAC (available: hmac-sha2-512)

SubjectAuthor
o Couldn't agree a client-to-server MAC (available: hmac-sha2-512)Austin Harsh

1
Re: Couldn't agree a client-to-server MAC (available: hmac-sha2-512)

<732ca370-0f6a-46c0-ad12-a4fd91e84ca3n@googlegroups.com>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=235&group=comp.security.ssh#235

  copy link   Newsgroups: comp.security.ssh
X-Received: by 2002:a05:620a:4628:b0:75c:ada7:b8cc with SMTP id br40-20020a05620a462800b0075cada7b8ccmr4341637qkb.7.1685753830886;
Fri, 02 Jun 2023 17:57:10 -0700 (PDT)
X-Received: by 2002:a05:6870:5b0b:b0:19f:3568:5f40 with SMTP id
ds11-20020a0568705b0b00b0019f35685f40mr1142208oab.10.1685753830570; Fri, 02
Jun 2023 17:57:10 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!newsfeed.hasname.com!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.security.ssh
Date: Fri, 2 Jun 2023 17:57:10 -0700 (PDT)
In-Reply-To: <aeb354e6-f542-418d-9c06-ee94c9a0fd1dn@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=173.244.209.63; posting-account=UcgVsgoAAADVmMkmW9577zmjYSaDETaB
NNTP-Posting-Host: 173.244.209.63
References: <af3bea9d-a050-4810-b5c2-d88cb698dca2n@googlegroups.com>
<81354slabm.fsf@thyestes.tartarus.org> <aeb354e6-f542-418d-9c06-ee94c9a0fd1dn@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <732ca370-0f6a-46c0-ad12-a4fd91e84ca3n@googlegroups.com>
Subject: Re: Couldn't agree a client-to-server MAC (available: hmac-sha2-512)
From: harsh.austin@gmail.com (Austin Harsh)
Injection-Date: Sat, 03 Jun 2023 00:57:10 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 2177
 by: Austin Harsh - Sat, 3 Jun 2023 00:57 UTC

On Monday, April 24, 2023 at 9:44:54 PM UTC+12, Magicman8508 wrote:
> I just tried the recent nightly version and it works! Perfect. Many thanks. Didn't thought it could be resolved so fast.
>
> In my case it affects a cisco 9800 series. Not sure why it is configured this way. Maybe a company policy only allows hmac-sha2-512.
>
> Thanks again.
> Have a great day.

In my case this is based on the new US Government CNSA V2.0 policy (this is what is replacing FIPS stuff, kind of). CNSA V2.0 states you must use HMAC-SHA2-384 or HMAC-SHA2-512. Cisco switches do not support the 384 variant, so you have to use 512. In the future (~5 years) PuTTY will eventually need to support a new hashing algorithm called CRYSTALS-Kyber. https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor