On Wed, 3 Apr 2024, wes wrote:
the macs listed in ssh -Q mac are the macs the software is capable of using.
the macs listed in sshd_config are the macs _enabled_ for use.
macs are disabled by default when they are deemed to be below a
desirable security threshold. sometimes this happens because an algorithm
is actually broken, and sometimes it happens simply because of age.
algorithms are designed to maximize security with as little cpu overhead
as possible. as the average cpu power available to the general public
increases, algorithms designed for lower cpu power environments become
easier to crack. so after a certain age, an algo is simply assumed to be
broken without any actual evidence of that happening.
I don't agree with it, but that's the way it works.
wes,
Thank you.
Rich
