ssh: prefer sha256 based MAC algorithms

drakkan · gopherbot · commit 23b1b90df264 · 2023-07-05T20:33:07.000Z
sha256 is more optimized than sha512 in Go and is secure enough so prefer sha256 over sha512. Fixes golang/go#61138 Change-Id: I7658808655367f1ab5f4ac8b52e6b20bd30ebf87 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/507555 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Joedian Reid <joedian@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
diff --git a/ssh/common.go b/ssh/common.go
@@ -85,7 +85,7 @@ var supportedHostKeyAlgos = []string{
 // This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed
 // because they have reached the end of their useful life.
 var supportedMACs = []string{
-	"hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96",
+	"hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96",
 }
 
 var supportedCompressions = []string{compressionNone}

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ var supportedHostKeyAlgos = []string{`
`85`	`85`	`// This is based on RFC 4253, section 6.4, but with hmac-md5 variants removed`
`86`	`86`	`// because they have reached the end of their useful life.`
`87`	`87`	`var supportedMACs = []string{`
`88`		`- "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96",`
	`88`	`+ "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1", "hmac-sha1-96",`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`var supportedCompressions = []string{compressionNone}`