[Bug 1409798] Re: enable hmac-sha2-256, hmac-sha2-512 MAC algorithms

Richard Hansen 1409798 at bugs.launchpad.net
Sat Feb 7 11:03:43 UTC 2015 

** Description changed:

+ [Impact]
+ 
  Since version 2013.56, dropbear has supported the hmac-sha2-256 and
  hmac-sha2-512 MAC algorithms, but they are disabled by default.
  According to the dropbear changelog, enabling them is a matter of
  uncommenting the following two lines in options.h:
  
-     /*#define DROPBEAR_SHA2_256_HMAC*/
-     /*#define DROPBEAR_SHA2_512_HMAC*/
+     /*#define DROPBEAR_SHA2_256_HMAC*/
+     /*#define DROPBEAR_SHA2_512_HMAC*/
  
  Due to recent NSA revelations, some people are recommending users
  disable certain algorithms.  If the recommendations at
  <https://stribika.github.io/2015/01/04/secure-secure-shell.html> are
  followed, there are no MAC algorithms left that dropbear supports unless
  hmac-sha2-256 and hmac-sha2-512 are enabled.
+ 
+ [Test Case]
+ 
+  Setup steps:
+   1. install dropbear and openssh-client:
+        sudo apt-get install dropbear openssh-client
+   2. if you have openssh-server installed, stop it:
+        sudo service ssh stop
+   3. make sure that the dropbear service is enabled by editing
+      /etc/default/dropbear and setting the NO_START variable to 0 like
+      this:
+        NO_START=0
+   4. start the dropbear service:
+        sudo service dropbear start
+ 
+  Test steps:
+   5. try the hmac-sha2-256 MAC:
+        ssh -o UserKnownHostsFile=/dev/null \
+            -o MACs=hmac-sha2-256 localhost
+   6. try the hmac-sha2-512 MAC:
+        ssh -o UserKnownHostsFile=/dev/null \
+            -o MACs=hmac-sha2-512 localhost
+ 
+  Cleanup steps:
+   7. stop the dropbear service:
+        sudo service dropbear stop
+   8. if you edited /etc/default/dropbear to enable the dropbear
+      service, disable it again by editing /etc/default/dropbear and
+      setting the NO_START variable to 1 like this:
+        NO_START=1
+   9. if you stopped the OpenSSH server, restart it:
+        sudo service ssh start
+ 
+ [Regression Potential]
+ 
+   * Due to being disabled by default upstream, the implementations of
+     the new MAC algorithms are probably not as well tested as the old
+     MAC algorithms.  This may increase the likelihood of compatibility
+     or security bugs.
+   * SSH clients are likely to prefer the new MAC algorithms over the
+     old MAC algorithms.  If either the client or server has an
+     implementation bug, the ability to connect may be impaired unless
+     the user configures the client to disallow the new algorithms or
+     prefer the old algorithms (e.g., via the ssh_config "MACs"
+     directive in OpenSSH).
+   * The new MAC algorithms may negatively impact performance.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1409798

Title:
  enable hmac-sha2-256, hmac-sha2-512 MAC algorithms

Status in dropbear package in Ubuntu:
  Fix Released
Status in dropbear package in Debian:
  New

Bug description:
  [Impact]

  Since version 2013.56, dropbear has supported the hmac-sha2-256 and
  hmac-sha2-512 MAC algorithms, but they are disabled by default.
  According to the dropbear changelog, enabling them is a matter of
  uncommenting the following two lines in options.h:

      /*#define DROPBEAR_SHA2_256_HMAC*/
      /*#define DROPBEAR_SHA2_512_HMAC*/

  Due to recent NSA revelations, some people are recommending users
  disable certain algorithms.  If the recommendations at
  <https://stribika.github.io/2015/01/04/secure-secure-shell.html> are
  followed, there are no MAC algorithms left that dropbear supports
  unless hmac-sha2-256 and hmac-sha2-512 are enabled.

  [Test Case]

   Setup steps:
    1. install dropbear and openssh-client:
         sudo apt-get install dropbear openssh-client
    2. if you have openssh-server installed, stop it:
         sudo service ssh stop
    3. make sure that the dropbear service is enabled by editing
       /etc/default/dropbear and setting the NO_START variable to 0 like
       this:
         NO_START=0
    4. start the dropbear service:
         sudo service dropbear start

   Test steps:
    5. try the hmac-sha2-256 MAC:
         ssh -o UserKnownHostsFile=/dev/null \
             -o MACs=hmac-sha2-256 localhost
    6. try the hmac-sha2-512 MAC:
         ssh -o UserKnownHostsFile=/dev/null \
             -o MACs=hmac-sha2-512 localhost

   Cleanup steps:
    7. stop the dropbear service:
         sudo service dropbear stop
    8. if you edited /etc/default/dropbear to enable the dropbear
       service, disable it again by editing /etc/default/dropbear and
       setting the NO_START variable to 1 like this:
         NO_START=1
    9. if you stopped the OpenSSH server, restart it:
         sudo service ssh start

  [Regression Potential]

    * Due to being disabled by default upstream, the implementations of
      the new MAC algorithms are probably not as well tested as the old
      MAC algorithms.  This may increase the likelihood of compatibility
      or security bugs.
    * SSH clients are likely to prefer the new MAC algorithms over the
      old MAC algorithms.  If either the client or server has an
      implementation bug, the ability to connect may be impaired unless
      the user configures the client to disallow the new algorithms or
      prefer the old algorithms (e.g., via the ssh_config "MACs"
      directive in OpenSSH).
    * The new MAC algorithms may negatively impact performance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1409798/+subscriptions

More information about the Ubuntu-sponsors mailing list