Added warnings to all key exchanges that do not provide protection against quantum attacks.

2025-06-25 12:04:32 +02:00 · 2024-11-25 15:56:51 -05:00
parent a01baadfa8
commit 28a1e23986
26 changed files with 475 additions and 162 deletions
--- a/test/docker/expected_results/openssh_4.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@ -10,13 +10,16 @@

 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
+[0;33m                                                    `- [warn] does not provide protection against post-quantum attacks[0m
                                                    `- [info] available since OpenSSH 2.3.0
 [0;31m(kex) diffie-hellman-group14-sha1         -- [fail] using broken SHA-1 hash algorithm[0m
 [0;33m                                          `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength[0m
+[0;33m                                          `- [warn] does not provide protection against post-quantum attacks[0m
                                          `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
 [0;31m(kex) diffie-hellman-group1-sha1          -- [fail] using small 1024-bit modulus[0m
 [0;31m                                          `- [fail] vulnerable to the Logjam attack: https://en.wikipedia.org/wiki/Logjam_(computer_security)[0m
 [0;31m                                          `- [fail] using broken SHA-1 hash algorithm[0m
+[0;33m                                          `- [warn] does not provide protection against post-quantum attacks[0m
                                          `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
                                          `- [info] removed in OpenSSH 6.9: https://www.openssh.com/txt/release-6.9