From e508a963e7ac95d7e383794c15d80d832dbe164a Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Thu, 20 May 2021 14:17:37 -0400
Subject: [PATCH] Added 1 new MAC: hmac-ripemd160-96.
---
 README.md | 1 +
 src/ssh_audit/ssh2_kexdb.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 50f1cc5..d9c129b 100644
--- a/README.md
+++ b/README.md
@@ -178,6 +178,7 @@ For convenience, a web front-end on top of the command-line tool is available at
 ### v2.5.0-dev (???)
 - Fixed crash when running host key tests.
 - Added `-d`/`--debug` option for getting debugging output; credit [Adam Russell](https://github.com/thecliguy).
+ - Added 1 new MAC: `hmac-ripemd160-96`.
 ### v2.4.0 (2021-02-23)
 - Added multi-threaded scanning support.
diff --git a/src/ssh_audit/ssh2_kexdb.py b/src/ssh_audit/ssh2_kexdb.py
index 4563370..1f21a08 100644
--- a/src/ssh_audit/ssh2_kexdb.py
+++ b/src/ssh_audit/ssh2_kexdb.py
@@ -1,7 +1,7 @@
 """
 The MIT License (MIT)
- Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com)
+ Copyright (C) 2017-2021 Joe Testa (jtesta@positronsecurity.com)
 Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -250,6 +250,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods
 'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
 'hmac-ripemd': [[], [FAIL_DEPRECATED_MAC], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
 'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
+ 'hmac-ripemd160-96': [[], [FAIL_DEPRECATED_MAC], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]],
 'hmac-ripemd160@openssh.com': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
 'umac-64@openssh.com': [['4.7'], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]],
 'umac-128@openssh.com': [['6.2'], [], [WARN_ENCRYPT_AND_MAC]],
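Review bot: The added `hmac-ripemd160-96` entry is the only HMAC entry in this hunk that carries `WARN_TAG_SIZE`, while the `hmac-md5-96` context line, which by its name is also truncated to 96 bits, does not, so two truncated MACs would apparently be reported differently. Either the tag-size warning belongs on both, or the difference deserves a comment. The same applies to `WARN_OPENSSH72_LEGACY`, which `hmac-ripemd` carries with the same empty version list but the new entry omits. A short comment above the added line, such as `# 96-bit truncated tag; empty version list, so classified via FAIL_DEPRECATED_MAC`, would record the intent, assuming that is the reasoning. The dictionary this entry belongs to begins and ends outside the hunk, so other `-96` entries could not be compared here.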