Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm
Operating Systems Solaris Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm Post 302979177 by jim mcnamara on Wednesday 10th of August 2016 12:19:27 PM
Old 08-10-2016
what version of Solaris has this issue? If you patched the system regularly this this was resolved in 2009.

These patches fix the problem:
Code:
Sparc:
    Solaris 9 without patch 122300-38
    Solaris 10 without patch 140774-02

x86 Platform:

    Solaris 9 without patch 122301-38
    Solaris 10 without patch 140775-02

If you have Oracle support contact them for help. You will have to have support anyway to get access to any patches. I do not think V9 patches are available anymore - maybe someone else knows more about v9 patches. At any rate the correct way to fix these issues is with a patch.

If I understand correctly:
You do not want to disable encryption. Period. Unless a misguided auditor tells you to do this in writing. You could be out of a job quickly.
Here is why: ssh may not talk to any other ssh client or server. The sshd.conf file specifies what encryption you use - the default for Solaris 10 was AES128, IRRC, for example.

So what Solaris version do you have, please show the output of:
Code:
uname -a
cat /etc/release

 

7 More Discussions You Might Find Interesting

1. Cybersecurity

MD5 to DES encryption

Is it possible to change the type of encryption from MD5 to DES without removing a user? Way back when this server was created, users were created with the MD5 encryption. Now, all users created with DES encryption. Is it possible to just change the type of password encryption? Users using... (1 Reply)
Discussion started by: Larsonist
1 Replies

2. AIX

How to disable encryption below 128 bit in Websphere ?

Hi, Hi I have setup Websphere Portal and Apache server on Solaris. The problem is that clients are allowed to negotiate lower encryption levels and by default the Websphere Apache HTTP server accepts 56-bit keys (your Firefox client requested 256-bit AES below). So How to disable... (0 Replies)
Discussion started by: neel.gurjar
0 Replies

3. Solaris

md5 encryption on solaris 8

is there patches enable passwords of greater than 8 characters with only md5 encryption (rather than the older crypt) for solaris 8. I am migrating a number of solaris 8 domains to branded zones. (1 Reply)
Discussion started by: frustin
1 Replies

4. Cybersecurity

How to Disable Ciphers and Reconfigure Encryption?

Hello, I recently had a Retina scan of my system and there are some findings I do not understand. SSL Week Cipher Strength Supported - Retina has detected that the targeted SSL Service supports a cryptographically weak cipher strength... Disable ciphers that support less than 128-bit... (4 Replies)
Discussion started by: stringman
4 Replies

5. Cybersecurity

File encryption tools with MAC address as an encryption key

Hi all, I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS. For example: when A wants to send file to B A will encrypt the file with B's computer MAC/IP address as an encryption key This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies

6. Solaris

Solaris 8 MD5 encryption support

Hi, I did some NIS migration tests recently. The target is to migrate the NIS server from Solaris 8 to Redhat Linux 6.5. And, I found there are encryption issues while Linux NIS using MD5 hashing password for authentication whereas Solaris 8 clients using DES encryption. It causes issues... (3 Replies)
Discussion started by: bestard
3 Replies

7. UNIX for Advanced & Expert Users

Disabling CBC Cipher mode causes login problems

Hi, As part of the security hardening activity in our team, we have to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. To do this, in sshd_config I comment out these lines : Ciphers aes128-cbc,blowfish-cbc,3des-cbc MACS hmac-sha1,hmac-md5 and add... (9 Replies)
Discussion started by: anaigini45
9 Replies

LEARN ABOUT DEBIAN

crypt::rijndael

Rijndael(3pm)						User Contributed Perl Documentation					     Rijndael(3pm)

NAME

       Crypt::Rijndael - Crypt::CBC compliant Rijndael encryption module

SYNOPSIS

	use Crypt::Rijndael;

	# keysize() is 32, but 24 and 16 are also possible
	# blocksize() is 16

	$cipher = Crypt::Rijndael->new( "a" x 32, Crypt::Rijndael::MODE_CBC() );

	$cipher->set_iv($iv);
	$crypted = $cipher->encrypt($plaintext);
	       # - OR -
	$plaintext = $cipher->decrypt($crypted);

DESCRIPTION

       This module implements the Rijndael cipher, which has just been selected as the Advanced Encryption Standard.

       keysize
	   Returns the keysize, which is 32 (bytes). The Rijndael cipher actually supports keylengths of 16, 24 or 32 bytes, but there is no way
	   to communicate this to "Crypt::CBC".

       blocksize
	   The blocksize for Rijndael is 16 bytes (128 bits), although the algorithm actually supports any blocksize that is any multiple of our
	   bytes.  128 bits, is however, the AES-specified block size, so this is all we support.

       $cipher = Crypt::Rijndael->new( $key [, $mode] )
	   Create a new "Crypt::Rijndael" cipher object with the given key (which must be 128, 192 or 256 bits long). The additional $mode
	   argument is the encryption mode, either "MODE_ECB" (electronic codebook mode, the default), "MODE_CBC" (cipher block chaining, the same
	   that "Crypt::CBC" does), "MODE_CFB" (128-bit cipher feedback), "MODE_OFB" (128-bit output feedback), or "MODE_CTR" (counter mode).

	   ECB mode is very insecure (read a book on cryptography if you dont know why!), so you should probably use CBC mode.

       $cipher->set_iv($iv)
	   This allows you to change the initial value vector used by the chaining modes.  It is not relevant for ECB mode.

       $cipher->encrypt($data)
	   Encrypt data. The size of $data must be a multiple of "blocksize" (16 bytes), otherwise this function will croak. Apart from that, it
	   can be of (almost) any length.

       $cipher->decrypt($data)
	   Decrypts $data.

   Encryption modes
       Use these constants to select the cipher type:

       MODE_CBC - Cipher Block Chaining
       MODE_CFB - Cipher feedback
       MODE_CTR - Counter mode
       MODE_ECB - Electronic cookbook mode
       MODE_OFB - Output feedback
       MODE_PCBC - ignore this one for now :)

SEE ALSO

       Crypt::CBC, http://www.csrc.nist.gov/encryption/aes/

BUGS

       Should EXPORT or EXPORT_OK the MODE constants.

AUTHOR

       Currently maintained by brian d foy, "<bdfoy@cpan.org>".

       Original code by  Rafael R. Sevilla.

       The Rijndael Algorithm was developed by Vincent Rijmen and Joan Daemen, and has been selected as the US Government's Advanced Encryption
       Standard.

SOURCE

       This code is in Github:

	       git://github.com/briandfoy/crypt-rijndael.git

LICENSE

       This software is licensed under the Lesser GNU Public License. See the included COPYING file for details.

perl v5.14.2							    2009-12-10							     Rijndael(3pm)
All times are GMT -4. The time now is 08:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy