From 4ffae85325faddf78b9a4a0ece4d540a19f9aa13 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Fri, 20 Mar 2020 09:16:41 -0400 Subject: [PATCH] Added hmac-sha3-224 MAC. --- README.md | 2 +- ssh-audit.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ffb5df..af0e10e 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ $ snap install ssh-audit ### v2.2.1-dev (???) - Added 1 new host key types: `ssh-rsa1`. - Added 1 new ciphers: `blowfish`. - - Added 1 new MACs: `chacha20-poly1305@openssh.com` + - Added 2 new MACs: `chacha20-poly1305@openssh.com`, `hmac-sha3-224`. ### v2.2.0 (2020-03-11) - Marked host key type `ssh-rsa` as weak due to [practical SHA-1 collisions](https://eprint.iacr.org/2020/014.pdf). diff --git a/ssh-audit.py b/ssh-audit.py index e4bc63a..9ae6b2a 100755 --- a/ssh-audit.py +++ b/ssh-audit.py @@ -488,6 +488,7 @@ class SSH2(object): # pylint: disable=too-few-public-methods 'hmac-sha2-384': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-512': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha2-512-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]], + 'hmac-sha3-224': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-256': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-384': [[], [], [WARN_ENCRYPT_AND_MAC]], 'hmac-sha3-512': [[], [], [WARN_ENCRYPT_AND_MAC]],