Reply to post: hmac

Dealing with legacy issues around Red Hat crypto versions? Here's a fix



The use of hmac-sha1 remains secure, as hmac tolerates a weak hashing algorithm that is prone to collisions (which means that hmac-md5 is also still secure). However, sha-1 is also used within the original RSA key specification, which also cannot be used with modern SSH.

One easy solution is to install tinysshd on the RHEL6 release, which supports the latest (DJB) ciphers. It can be somewhat more difficult to use, as only ed25519 keys are allowed for logins (it does not allow a login with a password).

EPEL for RHEL9 does not yet have PuTTY packages. When they arrive, they will support the older ciphers. They can also be built from source.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon