Hardening dropbear

I've been notified about the results of the ssh-audit[1] security
scanner.

This gave me the opportunity to learn a bit about how SSH works under
the hood.

This article[2] explains how the session is established.
I learned from it that the diffie-hellman procedure used to exchange
the session key between client and server is based on temporary keys.
The persistent host keys are only used for authentication.

MAC-then-encrypt or encrypt-then-MAC?[3]
The MAC authenticates the message
* MAC-then-encrypt (TLS):
   Encrypt(PlainText . MAC(PlainText))
* MAC-and-encrypt (SSH):
   Encrypt(PlainText) . MAC(PlainText)
* encrypt-then-MAC (who does that?):
   Encrypt(PlainText) . MAC(Encrypt(PlainText))
From the stackexchange thread, I could infer that the latter has stronger
guarantees.

Other interesting reads:
MAC wikipedia page[4].


[1] https://github.com/jtesta/ssh-audit
[2] https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process#authenticating-the-user-s-access-to-the-server
[3] https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac
[4] https://en.wikipedia.org/wiki/Message_authentication_code

You are viewing proxied material from dacav.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.