HP/UX 11.11 SFTP Algorithm?

Leam Hall — Wed, 31 Mar 2010 13:29:53 GMT

Morning all!

I'm being asked what algorithm HP/UX 11.11 sftp uses. sftp -vvv localhost shows:

debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5

So I was hoping it would be AES 128, but it looks like even to itself it's only using HMAC-MD5? That sould right, or am I looking in the wrong place?

Server info:

OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.20.004, HP-UX Secure Shell version

Thanks!

Leam

Re: HP/UX 11.11 SFTP Algorithm?

Matti_Kurkela — Wed, 31 Mar 2010 14:19:34 GMT

HMAC = Hash-based Message Authentication Code.

This is used for verifying the integrity of the transferred data, not for encryption.

> debug1: kex: server->client aes128-ctr hmac-md5 none

As far as I understand, the "aes128-ctr hmac-md5 none" is a triplet listing the chosen encryption, integrity check and data compression algorithms in the listed direction.

In other words, the server will use aes128-ctr for encryption, hmac-md5 for integrity checking, and no compression.

Somewhere near the lines you showed us, there should be another line listing the protocol choices in the client->server direction.

(You might ask: "Why would the choice of protocols ever be asymmetric?" For example, if the client is a mobile device with limited CPU power, it might not want to encrypt using an algorithm that requires a lot of CPU cycles to encrypt.

But if decrypting using that algorithm with a correct key does take much less CPU power than encryption, the client might be willing to receive data using that protocol, and use something else for sending.)

MK

topic Re: HP/UX 11.11 SFTP Algorithm? in Operating System - HP-UX

HP/UX 11.11 SFTP Algorithm?

Re: HP/UX 11.11 SFTP Algorithm?