• Synthead@lemmy.world
    ↑ 61 · 11 months ago

    ChaCha20-Poly1305 and CBC with Encrypt-then-MAC ciphers are vulnerable to a MITM attack.

    Saved you a click.

      • thisisawayoflife@lemmy.world
        ↑ 4 · edited 11 months ago

        Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/MAC configs off of cipherlist.eu and the Mozilla docs’ current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.

        Edit: I read it wrong. It’s ChaCha20 OR CBC. I rely heavily on the former with none of the latter.

    • NateNate60@lemmy.world
      ↑ 1 · 11 months ago

      I thought most SSH servers default to some AES-based cipher like most other programs. Is that not the case?
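
One way to run the check discussed in this thread against a server's effective configuration rather than its config file or assumed defaults, as an added example that is not part of any commenter's post: it parses `sshd -T` output and reports ChaCha20-Poly1305 plus every CBC cipher paired with an Encrypt-then-MAC MAC. The sample output and the function names are constructed for illustration.

```python
"""Audit sshd's effective algorithms for the cipher modes named in the thread."""
import subprocess

CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"

# Constructed sample of `sshd -T` output (not taken from a real host).
SAMPLE_SSHD_T = """\
port 22
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes256-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512,umac-128-etm@openssh.com
kexalgorithms curve25519-sha256
"""


def parse_algorithms(sshd_t_output):
    """Return {'ciphers': [...], 'macs': [...]} from `sshd -T` text."""
    algos = {"ciphers": [], "macs": []}
    for line in sshd_t_output.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword.lower() in algos:
            algos[keyword.lower()] = [a for a in value.strip().split(",") if a]
    return algos


def flagged_modes(sshd_t_output):
    """List the enabled modes the thread calls out, in config order."""
    algos = parse_algorithms(sshd_t_output)
    cbc = [c for c in algos["ciphers"] if c.endswith("-cbc")]
    etm = [m for m in algos["macs"] if m.endswith(ETM_SUFFIX)]
    findings = [CHACHA] if CHACHA in algos["ciphers"] else []
    # CBC is only reported in combination with an Encrypt-then-MAC MAC.
    findings += [f"{c} + {m}" for c in cbc for m in etm]
    return findings


def effective_config():
    """Ask the local sshd for its effective settings (typically run as root)."""
    result = subprocess.run(["sshd", "-T"], capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    # Swap SAMPLE_SSHD_T for effective_config() to audit the local server.
    for finding in flagged_modes(SAMPLE_SSHD_T):
        print("enabled:", finding)
```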