Drop legacy algorithms part 1#1442
Merged
Rob-Hague merged 3 commits intosshnet:developfrom Jul 17, 2024
Merged
Conversation
This drops some of the algorithms long-considered legacy/insecure. The idea is both to improve the theoretical security of the library by not offering these algorithms, and to improve the practical security of the library by not having hand-written, barely tested crypto code. The overarching goal is for the library to have minimal exposure to crypto implementation, relying firstly on the .NET base libraries, and secondly on third-party providers, such as BouncyCastle. This change covers deleting the cipher algorithms arcfour, blowfish, twofish, cast. It covers deleting the MD5-based and truncated HMAC algorithms. These were all disabled in OpenSSH server (sshd) in 2014[^1]: > sshd(8): The default set of ciphers and MACs has been altered to > remove unsafe algorithms. In particular, CBC ciphers and arcfour* > are disabled by default. > > The full set of algorithms remains available if configured > explicitly via the Ciphers and MACs sshd_config options. and in the client in 2016[^2]: > This release disables a number of legacy cryptographic algorithms > by default in ssh: > > * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants > and the rijndael-cbc aliases for AES. > > * MD5-based and truncated HMAC algorithms. > > These algorithms are already disabled by default in sshd. This change also drops PKCS5Padding, which is a line-for-line copy of PKCS7Padding, and StreamCipher, which is now unused (and useless anyway). [^1]: https://www.openssh.com/txt/release-6.7 [^2]: https://www.openssh.com/txt/release-7.2
Collaborator
|
Maybe we should move them to the SSH.NET.Unsafe nuget package. If anyone wanted to use them, it would be possible |
Collaborator
Author
|
I think these are so old that it's not worth any extra effort unless there is some unexpected demand for it. It seems reasonable for someone to stay on an old version of SSH.NET if they want to use old algorithms |
Collaborator
|
I agree 👍 |
WojciechNagorski
approved these changes
Jul 16, 2024
Collaborator
|
I approved. |
Collaborator
Author
|
Thanks |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This drops some of the algorithms long-considered legacy/insecure.
The idea is both to improve the theoretical security of the library by not offering these algorithms, and to improve the practical security of the library by not having hand-written, barely tested crypto code.
The overarching goal is for the library to have minimal exposure to crypto implementation, relying firstly on the .NET base libraries, and secondly on third-party providers, such as BouncyCastle.
This change covers deleting the cipher algorithms arcfour, blowfish, twofish, cast. It covers deleting the MD5-based and truncated HMAC algorithms.
These were all disabled in OpenSSH server (sshd) in 20141:
and in the client in 20162:
This change also drops PKCS5Padding, which is a line-for-line copy of PKCS7Padding, and StreamCipher, which is now unused (and useless anyway).
Footnotes
https://www.openssh.com/txt/release-6.7 ↩
https://www.openssh.com/txt/release-7.2 ↩