Comment 0 for bug 1409798

Richard Hansen (rhansen) wrote :

Since version 2013.56, dropbear has supported the hmac-sha2-256 and hmac-sha2-512 MAC algorithms, but they are disabled by default. According to the dropbear changelog, enabling them is a matter of uncommenting the following two lines in options.h:

    /*#define DROPBEAR_SHA2_256_HMAC*/
    /*#define DROPBEAR_SHA2_512_HMAC*/

Due to recent NSA revelations, some people are recommending users disable certain algorithms. If the recommendations at <https://stribika.github.io/2015/01/04/secure-secure-shell.html> are followed, there are no MAC algorithms left that dropbear supports unless hmac-sha2-256 and hmac-sha2-512 are enabled.