Bugzilla – Attachment 1619 Details for
Bug 1580
[PATCH] HMAC should use sha1 instead of md5 by default
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
openssh-hmac-sha1-prefered-cvs.patch
openssh-hmac-sha1-prefered-cvs.patch (text/plain), 2.99 KB, created by
Daniel Black
on 2009-03-30 16:40:38 AEDT
(
hide
)
Description:
openssh-hmac-sha1-prefered-cvs.patch
Filename:
MIME Type:
Creator:
Daniel Black
Created:
2009-03-30 16:40:38 AEDT
Size:
2.99 KB
patch
obsolete
>Index: myproposal.h >=================================================================== >RCS file: /cvs/openssh/myproposal.h,v >retrieving revision 1.23 >diff -u -b -B -r1.23 myproposal.h >--- myproposal.h 28 Jan 2009 05:33:31 -0000 1.23 >+++ myproposal.h 30 Mar 2009 05:38:26 -0000 >@@ -48,7 +48,7 @@ > "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ > "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" > #define KEX_DEFAULT_MAC \ >- "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ >+ "hmac-sha1,hmac-md5,umac-64@openssh.com,hmac-ripemd160," \ > "hmac-ripemd160@openssh.com," \ > "hmac-sha1-96,hmac-md5-96" > #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" >Index: ssh.1 >=================================================================== >RCS file: /cvs/openssh/ssh.1,v >retrieving revision 1.241 >diff -u -b -B -r1.241 ssh.1 >--- ssh.1 14 Feb 2009 05:34:05 -0000 1.241 >+++ ssh.1 30 Mar 2009 05:38:26 -0000 >@@ -699,7 +699,7 @@ > but protocol 2 is preferred since > it provides additional mechanisms for confidentiality > (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) >-and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160). >+and integrity (hmac-sha1, hmac-md5, umac-64, hmac-ripemd160). > Protocol 1 lacks a strong mechanism for ensuring the > integrity of the connection. > .Pp >Index: ssh_config.5 >=================================================================== >RCS file: /cvs/openssh/ssh_config.5,v >retrieving revision 1.119 >diff -u -b -B -r1.119 ssh_config.5 >--- ssh_config.5 22 Feb 2009 23:53:58 -0000 1.119 >+++ ssh_config.5 30 Mar 2009 05:38:26 -0000 >@@ -666,7 +666,7 @@ > Multiple algorithms must be comma-separated. > The default is: > .Bd -literal -offset indent >-hmac-md5,hmac-sha1,umac-64@openssh.com, >+hmac-sha1,hmac-md5,umac-64@openssh.com, > hmac-ripemd160,hmac-sha1-96,hmac-md5-96 > .Ed > .It Cm NoHostAuthenticationForLocalhost >Index: sshd.8 >=================================================================== >RCS file: /cvs/openssh/sshd.8,v >retrieving revision 1.208 >diff -u -b -B -r1.208 sshd.8 >--- sshd.8 3 Nov 2008 08:21:21 -0000 1.208 >+++ sshd.8 30 Mar 2009 05:38:26 -0000 >@@ -304,7 +304,7 @@ > to use from those offered by the server. > Additionally, session integrity is provided > through a cryptographic message authentication code >-(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160). >+(hmac-sha1, hmac-md5, umac-64 or hmac-ripemd160). > .Pp > Finally, the server and the client enter an authentication dialog. > The client tries to authenticate itself using >Index: sshd_config.5 >=================================================================== >RCS file: /cvs/openssh/sshd_config.5,v >retrieving revision 1.108 >diff -u -b -B -r1.108 sshd_config.5 >--- sshd_config.5 23 Feb 2009 00:00:24 -0000 1.108 >+++ sshd_config.5 30 Mar 2009 05:38:26 -0000 >@@ -546,7 +546,7 @@ > Multiple algorithms must be comma-separated. > The default is: > .Bd -literal -offset indent >-hmac-md5,hmac-sha1,umac-64@openssh.com, >+hmac-sha1,hmac-md5,umac-64@openssh.com, > hmac-ripemd160,hmac-sha1-96,hmac-md5-96 > .Ed > .It Cm Match
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1619">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1580
: 1619