Please support secure MACs for SFTP

[cgar]

I use a hardened SSH server as per the advice on http://github.com/jtesta/ssh-audit.
Because of this I was unable to connect to my server at all without enabling a less secure message authentication code algorithm.

Using ssh-audit to test the SFTP plugin I was able to get a list of supported MACs. The best available ones are the HMAC-SHA2 ones. However these use the weaker encrypt-and-mac method. The other options are even worse, either completely broken or exploitable.

There are also many other broken algorithms enabled by default which give the plugin an F- rating in ssh-audit. But I understand this is probably to maximize compatibility. These are no issue to me anyway since I am able to use secure ciphers, key exchanges and hostkeys just fine by enforcing them server side as the plugin has good support in these other sections.

I would like to do the same with the MACs. So could you please add support for the SHA2 encrypt-then-mac algorithms?

According to the SSHJ GitHub page it already supports hmac-sha2-256-etm@openssh.com and hmac-sha2-512-etm@openssh.com.
So why has this not been added to the SFTP plugin? I thought it used SSHJ?

[ghisler(Author)]

This must have been a recent addition to SSHJ, because the version I use doesn't support hmac-sha2-256-etm.
Why do you think HMAC-SHA2 is weak?

[cgar]

The technical details are a bit beyond me but its because it uses encrypt-and-mac as opposed to encrypt-then-mac.

The full details that ssh-audit link to are this:

Bellare, M., Namprempre, C., "Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm", <http://cseweb.ucsd.edu/~mihir/papers/oem.pdf>, pg. 5, Published Jul. 14, 2007, Retrieved Oct. 9, 2017

[VilhoKoivunen]

The technical details are a bit beyond me but its because it uses encrypt-and-mac as opposed to encrypt-then-mac.

The full details that ssh-audit link to are this:

Bellare, M., Namprempre, C., "Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm", <http://cseweb.ucsd.edu/~mihir/papers/oem.pdf>, pg. 5, Published Jul. 14, 2007, Retrieved Oct. 9, 2017

This is already outdated information.

---

- - - Edit by moderator:


User modified his post to add a HIDDEN Spam URL, ... do you spot it? I have highlighted it for you already (I mean not the edu-thinggy )

>> spam disarmed ; User banned

Please help us and report such post (see the [!] button) if you find them on browsing the forum, thanks.


[MTAG]

[cgar]

This is already outdated information.

What do you mean? Was it later found to be safe?
It seems unlikely that the perception of it would grow more safe with time.

[cgar]

[…]

Any update on this?

[ghisler(Author)]

Sorry, I haven't had the time yet to work on that. It's always quite time consuming to adapt the library to Android, especially to support older Android versions.

[cgar]

Totally understandable. When you get the chance is fine.
I'm completely unfamiliar with the process so I had just assumed that it was a simple matter of rebuilding with the latest SSHJ version.

[ghisler(Author)]

I have just updated the sshj library now to the latest snapshot, and also the included BouncyCastle crypto library to the latest release version. Took me about half a day of work, so it wasn't that bad.

Please try this beta version here:
https://play.google.com/store/apps/details?id=com.ghisler.tcplugins.SFTP
Just enable beta versions, and you will get the update automatically via Play Store.

For me it works when I use the restrictions suggested here:
https://www.ssh-audit.com/hardening_guides.html

[cgar]

Thank you so much! It works flawlessly

I can now achieve the elusive 100 score while having access via TotalCmd.

I have tested it in various use cases. Navigation, copying, editing and attempting restricted file access.
No bugs Superb work!

Thanks again for taking the time to update for this and thanks for TotalCmd =D

[ghisler(Author)]

That's nice to hear! I'm currently checking with another user why he can't connect to his NAS, so the public release will have to wait a bit longer.

Btw, for anyone using the SFTP for Windows plugin, I have updated that too to support hmac-sha2-256-etm@openssh.com and hmac-sha2-512-etm@openssh.com. This took a bit longer because I had to develop it myself.