parent
0ecc15cc79
commit
78aba5a9f8
|
@ -19,52 +19,52 @@ module CryptCheck
|
|||
|
||||
KEX = {
|
||||
'curve25519-sha256@libssh.org' => :green,
|
||||
'diffie-hellman-group1-sha1' => :yellow,
|
||||
'diffie-hellman-group14-sha1' => :yellow,
|
||||
'diffie-hellman-group-exchange-sha1' => :yellow,
|
||||
'diffie-hellman-group-exchange-sha256' => :green,
|
||||
'ecdh-sha2-nistp256' => :yellow,
|
||||
'ecdh-sha2-nistp384' => :yellow,
|
||||
'ecdh-sha2-nistp521' => :yellow
|
||||
'ecdh-sha2-nistp521' => nil, # NIST
|
||||
'ecdh-sha2-nistp384' => nil, # NIST
|
||||
'ecdh-sha2-nistp256' => nil, # NIST
|
||||
'diffie-hellman-group-exchange-sha256' => :green, # DLP (PFS)
|
||||
'diffie-hellman-group-exchange-sha1' => :yellow, # DLP (PFS)
|
||||
'diffie-hellman-group14-sha1' => :yellow, # 2048 bits < 3072 bits
|
||||
'diffie-hellman-group1-sha1' => :red # 768 bits < 1024 bits
|
||||
}
|
||||
|
||||
ENCRYPTION = {
|
||||
'3des-cbc' => :red,
|
||||
'aes128-cbc' => :yellow,
|
||||
'aes192-cbc' => :yellow,
|
||||
'aes256-cbc' => :yellow,
|
||||
'aes128-ctr' => :yellow,
|
||||
'aes192-ctr' => :yellow,
|
||||
'aes256-ctr' => :yellow,
|
||||
'aes128-gcm@openssh.com' => :green,
|
||||
'chacha20-poly1305@openssh.com' => :green,
|
||||
'aes256-gcm@openssh.com' => :green,
|
||||
'arcfour' => :red,
|
||||
'arcfour128' => :red,
|
||||
'arcfour256' => :red,
|
||||
'blowfish-cbc' => :yellow,
|
||||
'cast128-cbc' => nil,
|
||||
'chacha20-poly1305@openssh.com' => :green
|
||||
'aes128-gcm@openssh.com' => :green,
|
||||
'aes256-ctr' => nil, # CTR < GCM
|
||||
'aes192-ctr' => nil, # CTR < GCM
|
||||
'aes128-ctr' => nil, # CTR < GCM
|
||||
'aes256-cbc' => :yellow, # CBC
|
||||
'aes192-cbc' => :yellow, # CBC
|
||||
'aes128-cbc' => :yellow, # CBC
|
||||
'blowfish-cbc' => :yellow, # CBC
|
||||
'cast128-cbc' => :yellow, # CBC
|
||||
'3des-cbc' => :red, # 3DES
|
||||
'arcfour' => :red, # RC4
|
||||
'arcfour128' => :red, # RC4
|
||||
'arcfour256' => :red # RC4
|
||||
}
|
||||
|
||||
HMAC = {
|
||||
'hmac-md5' => :red,
|
||||
'hmac-md5-96' => :red,
|
||||
'hmac-ripemd160' => :green,
|
||||
'hmac-sha1' => :yellow,
|
||||
'hmac-sha1-96' => :red,
|
||||
'hmac-sha2-256' => :green,
|
||||
'hmac-sha2-512' => :green,
|
||||
'umac-64@openssh.com' => :red,
|
||||
'umac-128@openssh.com' => nil,
|
||||
'hmac-md5-etm@openssh.com' => :red,
|
||||
'hmac-md5-96-etm@openssh.com' => :red,
|
||||
'hmac-ripemd160-etm@openssh.com' => :green,
|
||||
'hmac-sha1-etm@openssh.com' => :yellow,
|
||||
'hmac-sha1-96-etm@openssh.com' => :red,
|
||||
'hmac-sha2-256-etm@openssh.com' => :green,
|
||||
'hmac-sha2-512-etm@openssh.com' => :green,
|
||||
'umac-64-etm@openssh.com' => :red,
|
||||
'umac-128-etm@openssh.com' => nil
|
||||
'hmac-sha2-256-etm@openssh.com' => :green,
|
||||
'hmac-sha2-512' => nil,
|
||||
'hmac-sha2-256' => nil,
|
||||
'hmac-sha1-etm@openssh.com' => :green,
|
||||
'hmac-sha1' => nil,
|
||||
'hmac-sha1-96-etm@openssh.com' => :red, # EXPORT
|
||||
'hmac-sha1-96' => :red, # EXPORT
|
||||
'hmac-ripemd160-etm@openssh.com' => :green,
|
||||
'hmac-ripemd160' => nil,
|
||||
'hmac-md5-etm@openssh.com' => :red, # MD5
|
||||
'hmac-md5' => :red, # MD5
|
||||
'hmac-md5-96-etm@openssh.com' => :red, # MD5 + EXPORT
|
||||
'hmac-md5-96' => :red, # MD5 + EXPORT
|
||||
'umac-128-etm@openssh.com' => :green,
|
||||
'umac-128@openssh.com' => nil,
|
||||
'umac-64-etm@openssh.com' => :red, # < 128 bits
|
||||
'umac-64@openssh.com' => :red # < 128 bits
|
||||
}
|
||||
|
||||
COMPRESSION = {
|
||||
|
@ -73,20 +73,20 @@ module CryptCheck
|
|||
}
|
||||
|
||||
KEY = {
|
||||
'ecdsa-sha2-nistp256-cert-v01@openssh.com' => :yellow,
|
||||
'ecdsa-sha2-nistp384-cert-v01@openssh.com' => :yellow,
|
||||
'ecdsa-sha2-nistp521-cert-v01@openssh.com' => :yellow,
|
||||
'ssh-ed25519-cert-v01@openssh.com' => :green,
|
||||
'ssh-rsa-cert-v01@openssh.com' => :yellow,
|
||||
'ssh-dss-cert-v01@openssh.com' => :red,
|
||||
'ssh-rsa-cert-v00@openssh.com' => :yellow,
|
||||
'ssh-dss-cert-v00@openssh.com' => :red,
|
||||
'ecdsa-sha2-nistp256' => :yellow,
|
||||
'ecdsa-sha2-nistp384' => :yellow,
|
||||
'ecdsa-sha2-nistp521' => :yellow,
|
||||
'ssh-ed25519' => :green,
|
||||
'ssh-rsa' => :yellow,
|
||||
'ssh-dss' => :red
|
||||
'ssh-ed25519-cert-v01@openssh.com' => :green,
|
||||
'ecdsa-sha2-nistp256' => nil, # NIST
|
||||
'ecdsa-sha2-nistp384' => nil, # NIST
|
||||
'ecdsa-sha2-nistp521' => nil, # NIST
|
||||
'ssh-rsa' => :yellow, # RSA
|
||||
'ssh-dss' => :red, # DSA
|
||||
'ecdsa-sha2-nistp256-cert-v01@openssh.com' => nil, # NIST
|
||||
'ecdsa-sha2-nistp384-cert-v01@openssh.com' => nil, # NIST
|
||||
'ecdsa-sha2-nistp521-cert-v01@openssh.com' => nil, # NIST
|
||||
'ssh-rsa-cert-v01@openssh.com' => :yellow, # RSA
|
||||
'ssh-rsa-cert-v00@openssh.com' => :yellow, # RSA
|
||||
'ssh-dss-cert-v01@openssh.com' => :red, # DSA
|
||||
'ssh-dss-cert-v00@openssh.com' => :red, # DSA
|
||||
}
|
||||
|
||||
def initialize(hostname, port)
|
||||
|
|
Loading…
Reference in New Issue