[OpenWrt-Devel] [PATCH] [package] dropbear: enable sha2-based hmac by default.

Weedy weedy2887 at gmail.com
Fri Oct 3 13:55:29 EDT 2014


On 27/09/14 01:29 PM, Alive wrote:
> On 27/09/2014 23:34, Weedy wrote:
>> I got bit by this last week when I audited my ssh config and dropped all
>> weak/slow ciphers.
>> Couldn't log into my routers and had to add md5 ciphers and macs back.
>>
> You must rebuild dropbear package cleanly to test this patch
> 
> Save the patch as a file located at
> package/network/services/dropbear/patches/600-enable-hmac-sha2.patch,
> relative to OpenWrt source directory. The patch is available here
> http://patchwork.openwrt.org/patch/6322/
> 
> Do "make clean" to clean up the package, and then "make" to build the
> firmware.
> Flash the resulting firmware and test connecting to dropbear ssh daemon.
> 
> To test using hmac-sha2-256, run this command
> ssh -o MACs=hmac-sha2-256 root@OpenWrt
> To test using hmac-sha2-512, run this command
> ssh -o MACs=hmac-sha2-512 root@OpenWrt
> 
> For your information, there is almost no difference between message
> authentication algorithms in the time needed to establish an ssh connection.
> 
> I performed the test on my TL-MR3220 (AR9330, mips, dropbear 2014.65,
> r42321). The identity file is cached via ssh-agent. The test commands
> are below.
> time ssh -o MACs=hmac-md5 OpenWrt /bin/true
> time ssh -o MACs=hmac-sha1 OpenWrt /bin/true
> time ssh -o MACs=hmac-sha2-256 OpenWrt /bin/true
> time ssh -o MACs=hmac-sha2-512 OpenWrt /bin/true
> 
> Here are the times needed to establish an ssh connection
> +---------+----------+----------+----------+----------+
> |time\hmac|    md5   |   sha1   |  sha256  |  sha512  |
> +---------+----------+----------+----------+----------+
> | real    | 0m3.526s | 0m3.631s | 0m3.519s | 0m3.543s |
> | user    | 0m0.015s | 0m0.061s | 0m0.015s | 0m0.031s |
> | sys     | 0m0.077s | 0m0.046s | 0m0.093s | 0m0.092s |
> +---------+----------+----------+----------+----------+
> 
> Putty and Bitvise will try connecting using hmac-sha2-256 when
> available, whereas OpenSSH will use hmac-md5 by default.
> 
> I hope this information will be a good reason for enabling sha2-based
> hmac on dropbear by default.
> 

Based off failed ciphers/macs
no matching cipher found: client rijndael-cbc@lysator.liu.se server aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc
no matching mac found: client hmac-ripemd160-etm@openssh.com server hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5

for cipher in 3des-cbc 3des-ctr aes128-cbc aes256-cbc aes128-ctr aes256-ctr; do
  for mac in hmac-md5 hmac-sha1 hmac-sha2-256 hmac-sha2-512; do
    echo ""; echo "cipher: $cipher"; echo "mac: $mac"
    for bah in 1 2 3; do  # three runs per cipher/MAC pair
      dd if=/dev/zero bs=1M count=25 |
        ssh -c "$cipher" -m "$mac" -o "Compression no" root@openwrt.lan 'time cat - >/dev/null'
      echo ""; sleep 2
    done
  done
done

OpenSSH_6.6.1 connecting to TP-Link 4300, time to transfer 26MiB of junk
to null. Best of three, my router is in use and not idle.

3des-cbc
+---------+----------+----------+----------+----------+
|time\hmac|    md5   |   sha1   |  sha256  |  sha512  |
+---------+----------+----------+----------+----------+
| real    | 0m27.65s | 0m27.98s | 0m29.47s | 0m31.93s |
| user    | 0m 0.05s | 0m 0.04s | 0m 0.02s | 0m 0.04s |
| sys     | 0m 0.25s | 0m 0.22s | 0m 0.24s | 0m 0.22s |
+---------+----------+----------+----------+----------+

aes128-cbc
+---------+----------+----------+----------+----------+
|time\hmac|    md5   |   sha1   |  sha256  |  sha512  |
+---------+----------+----------+----------+----------+
| real    | 0m12.07s | 0m12.62s | 0m13.61s | 0m16.05s |
| user    | 0m 0.02s | 0m 0.03s | 0m 0.00s | 0m 0.02s |
| sys     | 0m 0.27s | 0m 0.23s | 0m 0.21s | 0m 0.22s |
+---------+----------+----------+----------+----------+

aes256-cbc
+---------+----------+----------+----------+----------+
|time\hmac|    md5   |   sha1   |  sha256  |  sha512  |
+---------+----------+----------+----------+----------+
| real    | 0m13.32s | 0m13.61s | 0m14.97s | 0m17.71s |
| user    | 0m 0.02s | 0m 0.03s | 0m 0.03s | 0m 0.03s |
| sys     | 0m 0.27s | 0m 0.23s | 0m 0.22s | 0m 0.28s |
+---------+----------+----------+----------+----------+

aes128-ctr
+---------+----------+----------+----------+----------+
|time\hmac|    md5   |   sha1   |  sha256  |  sha512  |
+---------+----------+----------+----------+----------+
| real    | 0m12.64s | 0m12.80s | 0m13.74s | 0m16.19s |
| user    | 0m 0.04s | 0m 0.02s | 0m 0.02s | 0m 0.01s |
| sys     | 0m 0.18s | 0m 0.24s | 0m 0.17s | 0m 0.23s |
+---------+----------+----------+----------+----------+

aes256-ctr
+---------+----------+----------+----------+----------+
|time\hmac|    md5   |   sha1   |  sha256  |  sha512  |
+---------+----------+----------+----------+----------+
| real    | 0m13.40s | 0m13.84s | 0m15.20s | 0m18.11s |
| user    | 0m 0.01s | 0m 0.03s | 0m 0.02s | 0m 0.00s |
| sys     | 0m 0.17s | 0m 0.16s | 0m 0.18s | 0m 0.24s |
+---------+----------+----------+----------+----------+


We should dump 3des-* and pick up arcfour*
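
The following is an added example, not part of the original message or of the dropbear patch: it reads "no matching cipher/mac found" lines in the format quoted above and prints a per-host ssh_config block, so a hardened client can pin one router to the strongest shared algorithms instead of re-enabling MD5 globally. The preference lists, the function names and the host name are assumptions; the sample lines are constructed from the failure messages in this thread.

```shell
#!/bin/sh
# Added example: pick strong per-host algorithms from ssh negotiation failures.
# Assumption: local policy allows only these, in this order of preference.
PREFERRED_CIPHERS="aes128-ctr aes256-ctr"
PREFERRED_MACS="hmac-sha2-256 hmac-sha2-512"

# Constructed sample: the two failure messages from the thread, one per line.
SAMPLE_LOG='no matching cipher found: client rijndael-cbc@lysator.liu.se server aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc
no matching mac found: client hmac-ripemd160-etm@openssh.com server hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5'

# server_offer KIND: read failure lines on stdin, print the server's
# comma-separated list for KIND (cipher or mac), or nothing if absent.
server_offer() {
    sed -n "s/^no matching $1 found: client .* server \(.*\)\$/\1/p" | head -n 1
}

# best_match OFFER PREFS: print the first preferred algorithm present in the
# comma-separated OFFER; return 1 if the server offers none of them.
best_match() {
    for want in $2; do
        case ",$1," in
            *",$want,"*) echo "$want"; return 0 ;;
        esac
    done
    return 1
}

# host_override HOST: read failure lines on stdin, print an ssh_config block
# that pins HOST to the most preferred mutually supported cipher and MAC.
host_override() {
    log=$(cat)
    cipher=$(best_match "$(printf '%s\n' "$log" | server_offer cipher)" "$PREFERRED_CIPHERS") || cipher=""
    mac=$(best_match "$(printf '%s\n' "$log" | server_offer mac)" "$PREFERRED_MACS") || mac=""
    printf 'Host %s\n' "$1"
    if [ -n "$cipher" ]; then printf '    Ciphers %s\n' "$cipher"; fi
    if [ -n "$mac" ]; then
        printf '    MACs %s\n' "$mac"
    else
        printf '    # no SHA-2 MAC offered: server needs hmac-sha2 enabled\n'
    fi
}

printf '%s\n' "$SAMPLE_LOG" | host_override openwrt.lan
```

A server whose offer contains none of the preferred MACs gets the comment line instead of a `MACs` entry, which is the situation the patch under discussion addresses.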