From 4b02a9b424be448aef5e00abe3bb22f56c84144b Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 28 Jan 2016 08:53:16 -0500
Subject: Drop support for RC4.

It's cryptoanalytically completely 100% broken, and practical attacks have been demonstrated against it's usage in TLS. As far as I'm aware, there's no use case for RC4 based on compatibility.
---
 paramiko/transport.py | 25 ++-----------------------
 1 file changed, 2 insertions(+), 23 deletions(-)

diff --git a/paramiko/transport.py b/paramiko/transport.py
index 18fb103b..5b440a4d 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -64,7 +64,7 @@ from paramiko.ssh_exception import (SSHException, BadAuthenticationType,
 ChannelException, ProxyCommandFailure)
 from paramiko.util import retry_on_signal, ClosingContextManager, clamp_value
 
-from Crypto.Cipher import Blowfish, AES, DES3, ARC4
+from Crypto.Cipher import Blowfish, AES, DES3
 try:
 from Crypto.Util import Counter
 except ImportError:
@@ -106,8 +106,6 @@ class Transport (threading.Thread, ClosingContextManager):
 'aes192-cbc',
 'aes256-cbc',
 '3des-cbc',
- 'arcfour128',
- 'arcfour256',
 )
 _preferred_macs = (
 'hmac-sha2-256',
@@ -179,18 +177,6 @@ class Transport (threading.Thread, ClosingContextManager):
 'block-size': 8,
 'key-size': 24
 },
- 'arcfour128': {
- 'class': ARC4,
- 'mode': None,
- 'block-size': 8,
- 'key-size': 16
- },
- 'arcfour256': {
- 'class': ARC4,
- 'mode': None,
- 'block-size': 8,
- 'key-size': 32
- },
 }
 
 _mac_info = {
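Review bot: Nothing left in `_preferred_ciphers` (this hunk) or `_cipher_info` (the next hunk) records that the arcfour entries were dropped on purpose, so a later contributor working from RFC 4345 could reintroduce them as a compatibility fix. A short comment above the tuple, e.g. `# arcfour128/256 (RC4) deliberately omitted: the cipher is cryptographically broken`, would make the omission self-documenting. The `SecurityOptions.ciphers` setter that validates caller-supplied names against `_preferred_ciphers` is outside this diff; if it rejects names not in that tuple, code that explicitly requested arcfour will presumably now fail with ValueError at configuration time rather than during key exchange, which is worth stating in the changelog entry.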
@@ -1636,14 +1622,7 @@ class Transport (threading.Thread, ClosingContextManager):
 def _get_cipher(self, name, key, iv):
 if name not in self._cipher_info:
 raise SSHException('Unknown client cipher ' + name)
- if name in ('arcfour128', 'arcfour256'):
- # arcfour cipher
- cipher = self._cipher_info[name]['class'].new(key)
- # as per RFC 4345, the first 1536 bytes of keystream
- # generated by the cipher MUST be discarded
- cipher.encrypt(" " * 1536)
- return cipher
- elif name.endswith("-ctr"):
+ if name.endswith("-ctr"):
 # CTR modes, we need a counter
 counter = Counter.new(nbits=self._cipher_info[name]['block-size'] * 8, initial_value=util.inflate_long(iv, True))
 return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv, counter)
-- 
cgit v1.2.3

From 9db59ac05e03ede7ba5d5059b7e00effca275430 Mon Sep 17 00:00:00 2001
From: Jeff Forcier
Date: Tue, 6 Jun 2017 12:34:12 -0700
Subject: Changelog re #667

---
 sites/www/changelog.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 8ffde787..ec1c09cb 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
 Changelog
 =========
 
+* :bug:`667` The RC4/arcfour family of ciphers has been broken since version
+ 2.0; but since the algorithm is now known to be completely insecure, we are
+ opting to remove support outright instead of fixing it. Thanks to Alex Gaynor
+ for catch & patch.
 * :support:`- backported` A big formatting pass to clean up an enormous number
 of invalid Sphinx reference links, discovered by switching to a modern,
 rigorous nitpicking doc-building mode.
-- 
cgit v1.2.3