Hi All,
Please let me know which SHA1 hashing algorithm is secure,
hmac-sha1 or hmac-sha1-96.
Which should I opt for when performing SSH hardening?
Thank you.
Gayan.
Hi,
Hashing algorithms are as secure as the mathematical function is, while afterwards what matters is the bit length, bigger being preferred as it means fewer chances for collisions (multiple inputs ending up with the same hash output). SHA1-96 is the same thing as SHA1, both compute a 160-bit hash, it's just that SHA1-96 truncates and embeds a 96-bit hash value in the packet. SHA1-96 was really only an option designed to fix some issues with IPsec AH.
So, at the end of the day, use the mainstream SHA1, as long as the other side (like your SSH client) supports it as well.
Regards,
Cristian Matei.
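How the two MAC options relate, as an added example that is not part of the original posts: it assumes the RFC 4253 packet MAC layout (32-bit sequence number followed by the unencrypted packet), and the function names, key, sequence number and packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Tag lengths in bytes for the two SSH MAC names discussed in the thread.
TAG_LEN = {"hmac-sha1": 20, "hmac-sha1-96": 12}

# Constructed sample values (not from the thread).
KEY = bytes(range(20))                      # 20-byte integrity key
SEQ = 7                                     # packet sequence number
PACKET = b"\x00\x00\x00\x0c\x06constructed" # stand-in for an unencrypted packet


def hmac_sha1(key: bytes, data: bytes) -> bytes:
    """Full 160-bit HMAC-SHA1 over data."""
    return hmac.new(key, data, hashlib.sha1).digest()


def compute_tag(mac_name: str, key: bytes, seq: int, packet: bytes) -> bytes:
    """Both variants run the same HMAC; -96 keeps only the first 12 bytes."""
    full = hmac_sha1(key, struct.pack(">I", seq) + packet)
    return full[:TAG_LEN[mac_name]]


def verify_tag(mac_name: str, key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    """Constant-time check; a tag of the wrong length for the negotiated MAC fails."""
    expected = compute_tag(mac_name, key, seq, packet)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    full = compute_tag("hmac-sha1", KEY, SEQ, PACKET)
    short = compute_tag("hmac-sha1-96", KEY, SEQ, PACKET)
    print("hmac-sha1   :", full.hex())
    print("hmac-sha1-96:", short.hex())
    print("truncated tag is a prefix of the full tag:", full.startswith(short))
    # A 96-bit tag is not accepted when the full 160-bit MAC was negotiated.
    print("short tag accepted as hmac-sha1:",
          verify_tag("hmac-sha1", KEY, SEQ, PACKET, short))
```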
The information below may help you:
https://community.cisco.com/t5/security-documents/hmac/ta-p/3113602
Hi BB,
I am aware that both HMAC-SHA1 and HMAC-SHA1-96 are variants of the SHA1 algorithm when configuring SSH options. Please let me know which option I should use for SSH for better security.
Thank You,
Gayan
Hi Cristian Matei,
Thank you for the explanation.
Gayan