HPE Community
Operating System - HP-UX
1758389 Members
2630 Online
108868 Solutions
New Discussion

HP/UX 11.11 SFTP Algorithm?

 
SOLVED
Go to solution
Leam Hall
Frequent Advisor

‎03-31-2010 06:29 AM

‎03-31-2010 06:29 AM

HP/UX 11.11 SFTP Algorithm?

Morning all!

I'm being asked what algorithm HP/UX 11.11 sftp uses. sftp -vvv localhost shows:

debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5

So I was hoping it would be AES 128, but it looks like even to itself it's only using HMAC-MD5? That sould right, or am I looking in the wrong place?

Server info:

OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8k 25 Mar 2009
HP-UX Secure Shell-A.05.20.004, HP-UX Secure Shell version

Thanks!

Leam
0 Kudos
Reply
1 REPLY 1
Matti_Kurkela
Honored Contributor

‎03-31-2010 07:19 AM

‎03-31-2010 07:19 AM

Solution

Re: HP/UX 11.11 SFTP Algorithm?

HMAC = Hash-based Message Authentication Code.

This is used for verifying the integrity of the transferred data, not for encryption.

> debug1: kex: server->client aes128-ctr hmac-md5 none

As far as I understand, the "aes128-ctr hmac-md5 none" is a triplet listing the chosen encryption, integrity check and data compression algorithms in the listed direction.

In other words, the server will use aes128-ctr for encryption, hmac-md5 for integrity checking, and no compression.

Somewhere near the lines you showed us, there should be another line listing the protocol choices in the client->server direction.

(You might ask: "Why would the choice of protocols ever be asymmetric?" For example, if the client is a mobile device with limited CPU power, it might not want to encrypt using an algorithm that requires a lot of CPU cycles to encrypt.

But if decrypting using that algorithm with a correct key does take much less CPU power than encryption, the client might be willing to receive data using that protocol, and use something else for sending.)

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.