Package: dropbear
Version: 2014.65-1
Severity: wishlist
Tags: patch
Since version 2013.56, dropbear has supported the hmac-sha2-256 and
hmac-sha2-512 MAC algorithms, but they are disabled by default.
According to the dropbear changelog, enabling them is a matter of
uncommenting the following two lines in options.h:
/*#define DROPBEAR_SHA2_256_HMAC*/
/*#define DROPBEAR_SHA2_512_HMAC*/
Due to recent NSA revelations, some people are recommending users
disable certain algorithms. If the recommendations at
<https://stribika.github.io/2015/01/04/secure-secure-shell.html> are
followed, there are no MAC algorithms left that dropbear supports unless
these two mac algorithms are enabled.
Ubuntu bug report:
https://bugs.launchpad.net/debian/+source/dropbear/+bug/1409798
Ubuntu debdiff (should only need minor modifications for Debian):
https://launchpadlibrarian.net/194634645/dropbear-utopic-vivid-debdiff.diff
Thanks,
Richard
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
