Login or Register to Ask a Question and Join Our Community


AIX

Disable any 96-bit HMAC Algorithms

 
Thread Tools Search this Thread
Operating Systems AIX Disable any 96-bit HMAC Algorithms
Prev   Next
# 1  
Old 06-12-2014
Disable any 96-bit HMAC Algorithms
Received a vulnerability - SSH INSECURE HMAC ALGORITHMS ENABLED.

The solution was to Disable any 96-bit HMAC Algorithms. Disable any MD5-based HMAC Algorithms.

Can someone please tell me how to disable in AIX 5.3?

Thanks,
Sudo
 
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

Which version of Windows Vista to install with a product key? 32-bit or 64-bit?

Hello everyone. I bought a dell laptop (XPS M1330) online which came without a hard drive. There is a Windows Vista Ultimate OEMAct sticker with product key at the bottom case. I checked dell website (here) for this model and it says this model supports both 32 and 64-bit version of Windows... (4 Replies)
Discussion started by: milhan
4 Replies

2. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards (4 Replies)
Discussion started by: amity
4 Replies

3. Shell Programming and Scripting

How to handle 64 bit arithmetic operation at 32 bit compiled perl interpreter?H

Hi, Here is the issue. From the program snippet I have Base: 0x1800000000, Size: 0x3FFE7FFFFFFFF which are of 40 and 56 bits. SO I used use bignum to do the math but summing them up I always failed having correct result. perl interpreter info, perl, v5.8.8 built for... (0 Replies)
Discussion started by: rrd1986
0 Replies

4. Red Hat

SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?

Hi all Expertise, I have following issue to solve, SSL / TLS Renegotiation DoS (low) 222.225.12.13 Ease of Exploitation Moderate Port 443/tcp Family Miscellaneous Following is the problem description:------------------ Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies

5. UNIX and Linux Applications

Cryotography -Linux API for HMAC-SHA256 algorithm

Hi all, I need to calculate MAC value using HMAC-SHA256 algorithm with a message and a key. Is there any Linux APIs/utilities already exist for HMAC-SHA256? Thanks, Amio (3 Replies)
Discussion started by: amio
3 Replies

6. AIX

How to disable encryption below 128 bit in Websphere ?

Hi, Hi I have setup Websphere Portal and Apache server on Solaris. The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below). So How to disable... (0 Replies)
Discussion started by: neel.gurjar
0 Replies

7. Programming

copying or concatinating string from 1st bit, leaving 0th bit

Hello, If i have 2 strings str1 and str2, i would like to copy/concatenate str2 to str1, from 1st bit leaving the 0th bit. How do i do it? (2 Replies)
Discussion started by: jazz
2 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

ipsecah

ipsecah(7P)							     Protocols							       ipsecah(7P)

NAME

       ipsecah, AH - IPsec Authentication Header

SYNOPSIS

       drv/ipsecah

DESCRIPTION

       The  ipsecah module (AH) provides strong integrity,  authentication, and partial sequence integrity (replay protection) to IP datagrams. AH
       protects the parts of the IP datagram that can be predicted by the sender as it will be received by the receiver. For example, the  IP  TTL
       field is not a predictable field, and is not protected by AH.

       AH  is inserted between the IP header and the transport header. The transport header can be  TCP,  UDP, ICMP, or another IP header, if tun-
       nels are  being used. See tun(7M).

   AH Device
       AH is implemented as a module that is auto-pushed on top of IP. The entry /dev/ipsecah is used for tuning AH with ndd(1M).

   Authentication Algorithms
       Current authentication algorithms supported include HMAC-MD5 and HMAC-SHA-1. Each authentication algorithm has its own  key  size  and  key
       format properties. You can obtain a list of authentication algorithms and their properties by using the ipsecalgs(1M) command. You can also
       use the functions described in the getipsecalgbyname(3NSL) man page to retrieve the properties of algorithms.

   Security Considerations
       Without replay protection enabled, AH is vulnerable to replay attacks. AH does not protect against eavesdropping. Data  protected  with	AH
       can still be seen by an adversary.

ATTRIBUTES

       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsr			   |
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ipsecalgs(1M), ipsecconf(1M), ndd(1M), attributes(5), getipsecalgbyname(3NSL), tun(7M), ip(7P), ipsec(7P), ipsecesp(7P)

       Kent, S. and Atkinson, R.RFC 2402, IP Authentication Header, The Internet Society, 1998.

SunOS 5.11							    20 May2003							       ipsecah(7P)