- markus@cvs.openbsd.org 2012/12/11 22:31:18

[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] [packet.c ssh_config.5 sshd_config.5] add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
author: Damien Miller <djm@mindrot.org> 2012-12-12 10:46:31 +1100
committer: Damien Miller <djm@mindrot.org> 2012-12-12 10:46:31 +1100
commit: af43a7ac2d77c57112b48f34c7a72be2adb761bc (patch)
tree: 4381616492fbbca62d39c042f16221f681c1d37f /myproposal.h
parent: 6a1937eac5da5bdcf33aaa922ce5de0c764e37ed (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/myproposal.h b/myproposal.h
index 5e2b99857..d98f4b051 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.30 2012/10/04 13:21:50 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.31 2012/12/11 22:31:18 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -83,6 +83,15 @@
 # define SHA2_HMAC_MODES
 #endif
 #define KEX_DEFAULT_MAC \
+        "hmac-md5-etm@openssh.com," \
+        "hmac-sha1-etm@openssh.com," \
+        "umac-64-etm@openssh.com," \
+        "umac-128-etm@openssh.com," \
+        "hmac-sha2-256-etm@openssh.com," \
+        "hmac-sha2-512-etm@openssh.com," \
+        "hmac-ripemd160-etm@openssh.com," \
+        "hmac-sha1-96-etm@openssh.com," \
+        "hmac-md5-96-etm@openssh.com," \
        "hmac-md5," \
        "hmac-sha1," \
        "umac-64@openssh.com," \
author	Damien Miller <djm@mindrot.org>	2012-12-12 10:46:31 +1100
committer	Damien Miller <djm@mindrot.org>	2012-12-12 10:46:31 +1100
commit	af43a7ac2d77c57112b48f34c7a72be2adb761bc (patch)
tree	4381616492fbbca62d39c042f16221f681c1d37f /myproposal.h
parent	6a1937eac5da5bdcf33aaa922ce5de0c764e37ed (diff)