Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm
Operating Systems Solaris Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm Post 302979098 by amity on Tuesday 9th of August 2016 09:32:40 AM
Old 08-09-2016
Dear Jim

Thanks for the showing interest in resolving my issue actually I cannot login into this server due to some restriction but I need to provide the solution to disable it. This is recommeded by audit team, please find below link

A Security Vulnerability in Solaris Secure Shell (SSH) May Expose Some Plain Text From Encrypted Traffic

These are related to security issue. I am not able to find anything exactly related to disabling these for Solaris . Further I am able to find out only one solution on IBM/HPE site. I hope these will help you in finding the exact answer from Solaris point of view.

FAQ: How do I disable Cipher Block Chaining (CBC) Mode Ciphers and Weak MAC Algorithms in SSH in IBM PureData System for Operational Analytics - dWAnswers
Solved: Disable CBC mode cipher encryption , MD5 and 96-bi... - Hewlett Packard Enterprise Community
Last edited by amity; 08-09-2016 at 10:41 AM.. Reason: add one more link for better understanding
 

7 More Discussions You Might Find Interesting

1. Cybersecurity

MD5 to DES encryption

Is it possible to change the type of encryption from MD5 to DES without removing a user? Way back when this server was created, users were created with the MD5 encryption. Now, all users created with DES encryption. Is it possible to just change the type of password encryption? Users using... (1 Reply)
Discussion started by: Larsonist
1 Replies

2. AIX

How to disable encryption below 128 bit in Websphere ?

Hi, Hi I have setup Websphere Portal and Apache server on Solaris. The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below). So How to disable... (0 Replies)
Discussion started by: neel.gurjar
0 Replies

3. Solaris

md5 encryption on solaris 8

is there patches enable passwords of greater than 8 characters with only md5 encryption (rather than the older crypt) for solaris 8. I am migrating a number of solaris 8 domains to branded zones. (1 Reply)
Discussion started by: frustin
1 Replies

4. Cybersecurity

How to Disable Ciphers and Reconfigure Encryption?

Hello, I recently had a Retina scan of my system and there are some findings I do not understand. SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit... (4 Replies)
Discussion started by: stringman
4 Replies

5. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies

6. Solaris

Solaris 8 MD5 encryption support

Hi, I did some NIS migration tests recently. The target is to migrate the NIS server from Solaris 8 to Redhat Linux 6.5. And, I found there are encryption issues while Linux NIS using MD5 hashing password for authentication whereas Solaris 8 clients using DES encryption. It causes issues... (3 Replies)
Discussion started by: bestard
3 Replies

7. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add... (9 Replies)
Discussion started by: anaigini45
9 Replies

LEARN ABOUT SUSE

crypt::blowfish

Blowfish(3)						User Contributed Perl Documentation					       Blowfish(3)

NAME

       Crypt::Blowfish - Perl Blowfish encryption module

SYNOPSIS

	 use Crypt::Blowfish;
	 my $cipher = new Crypt::Blowfish $key;
	 my $ciphertext = $cipher->encrypt($plaintext);
	 my $plaintext	= $cipher->decrypt($ciphertext);

	 You probably want to use this in conjunction with
	 a block chaining module like Crypt::CBC.

DESCRIPTION

       Blowfish is capable of strong encryption and can use key sizes up to 56 bytes (a 448 bit key).  You're encouraged to take advantage of the
       full key size to ensure the strongest encryption possible from this module.

       Crypt::Blowfish has the following methods:

	blocksize()
	keysize()
	encrypt()
	decrypt()

FUNCTIONS

       blocksize
	   Returns the size (in bytes) of the block cipher.

	   Crypt::Blowfish doesn't return a key size due to its ability to use variable-length keys.  More accurately, it shouldn't, but it does
	   anyway to play nicely with others.

       new
		   my $cipher = new Crypt::Blowfish $key;

	   This creates a new Crypt::Blowfish BlockCipher object, using $key, where $key is a key of "keysize()" bytes (minimum of eight bytes).

       encrypt
		   my $cipher = new Crypt::Blowfish $key;
		   my $ciphertext = $cipher->encrypt($plaintext);

	   This function encrypts $plaintext and returns the $ciphertext where $plaintext and $ciphertext must be of "blocksize()" bytes.  (hint:
	   Blowfish is an 8 byte block cipher)

       decrypt
		   my $cipher = new Crypt::Blowfish $key;
		   my $plaintext = $cipher->decrypt($ciphertext);

	   This function decrypts $ciphertext and returns the $plaintext where $plaintext and $ciphertext must be of "blocksize()" bytes.  (hint:
	   see previous hint)

EXAMPLE

	       my $key = pack("H16", "0123456789ABCDEF");  # min. 8 bytes
	       my $cipher = new Crypt::Blowfish $key;
	       my $ciphertext = $cipher->encrypt("plaintex");  # SEE NOTES
	       print unpack("H16", $ciphertext), "
";

PLATFORMS

	       Please see the README document for platforms and performance
	       tests.

NOTES

       The module is capable of being used with Crypt::CBC.  You're encouraged to read the perldoc for Crypt::CBC if you intend to use this module
       for Cipher Block Chaining modes.  In fact, if you have any intentions of encrypting more than eight bytes of data with this, or any other
       block cipher, you're going to need some type of block chaining help.  Crypt::CBC tends to be very good at this.	If you're not going to
       encrypt more than eight bytes, your data must be exactly eight bytes long.  If need be, do your own padding. "" as a null byte is
       perfectly valid to use for this.

SEE ALSO

       Crypt::CBC, Crypt::DES, Crypt::IDEA

       Bruce Schneier, Applied Cryptography, 1995, Second Edition, published by John Wiley & Sons, Inc.

COPYRIGHT

       The implementation of the Blowfish algorithm was developed by, and is copyright of, A.M. Kuchling.

       Other parts of the perl extension and module are copyright of Systemics Ltd ( http://www.systemics.com/ ).

       Code revisions, updates, and standalone release are copyright 1999-2010 W3Works, LLC.

AUTHOR

       Original algorithm, Bruce Shneier.  Original implementation, A.M.  Kuchling.  Original Perl implementation, Systemics Ltd.  Current
       maintenance by W3Works, LLC.

       Current revision and maintainer:  Dave Paris <amused@pobox.com>

perl v5.12.1							    2010-03-04							       Blowfish(3)
All times are GMT -4. The time now is 06:57 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy