algos | Popular Algorithms and Data Structures | Learning library

First, it depends on why they're using these algorithms. For certain uses, there are no security problems with MD5 or SHA-1, and they may be necessary for compatibility with existing standards or backward compatibility.

As an example, PBKDF2 is perfectly secure using SHA-1 as its hash. It doesn't require a very strong hash function to maintain its own security. It's even secure using MD5. Switching to SHA-2 with PBKDF2 doesn't improve security, it's just "security hygiene," which is "avoid algorithms that have known problems even being in your code, even if they cause no problems in your particular use case." Security hygiene is a good practice, but it's not the same thing as security.

For other use cases, the security of the hash function is critical. If a framework is authenticating arbitrary messages using MD5, that's completely broken. Don't take this answer to suggest that algorithms don't matter. They do! But not in every use case. And if you want to decode credit card swipe transactions, you're probably going to need DES to be in your code, which is horribly broken, but you're still going to need it because that's how magnetic stripes are encrypted. It doesn't make your framework "insecure."

When you say "but they seem to insist on using outdated algos," I assume you mean you opened a PR and they rejected it, in which case I assume they have a good reason (such as backward compatibility when there is no actual security problem). If you haven't, then obviously the first step would be to open a PR.

That said, if you want to change this because you feel there is an actual security problem that they will not resolve, or purely for hygiene, then with CocoaPods you would fork the project, modify it, and point to your own version using the source attribute to the pod keyword.

Maintaining a cryptography framework myself, I often get bug reports that are simply wrong from developers using these scanners. Make sure that you know what the scanner is telling you and how to evaluate the findings. False positives are extremely common with these. These tools are useful, but you need to have some expertise to read their reports.

i wanted to post a quick update for anybody that is having the same issue, i opened a similiar question on the microsoft q&a site and looks like it's an issue on the azure side that they are working on fixing for GA Microsoft Q&A

The error comes form underlying Paramiko and is discussed here:
Paramiko authentication fails with "Agreed upon 'rsa-sha2-512' pubkey algorithm" (and "unsupported public key algorithm: rsa-sha2-512" in sshd log)

Though pysftp does not expose the disabled_algorithms parameter.

You better switch to using Paramiko directly. The pysftp is abandoned project. See pysftp vs. Paramiko.

I think I also experienced this issue, although on macOS 12.1. I tried to debug it and found out that sometimes I also get another error:

This functionality is called "row binding", it is not exposed as an API method. It is, however, available as a Rapids expression (simple scheme-like language). You can follow this example to row-bind 2 H2O Frames: https://github.com/h2oai/h2o-3/blob/master/h2o-core/src/test/java/water/rapids/ast/prims/mungers/AstRBindTest.java#L40 In a nutshell, if you have 2 frames with keys A and B you would run water.rapids.Rapids.exec("rbind A B").getFrame()

Imo, it's a bug in Paramiko. It does not handle correctly absence of server-sig-algs extension on the server side.

Try disabling rsa-sha2-* on Paramiko side altogether:

Get all supported algorithms for key exchange from remote ssh-server with nmap:

1. Despite the test, this implementation of Dijkstra may put Ω(E) items in the priority queue. This will cost Ω(E log E) with every comparison-based priority queue.

2. Why not E log V? Well, assuming a connected, simple, nontrivial graph, we have Θ(E log V) = Θ(E log E) since log (V−1) ≤ log E < log V² = 2 log V.

3. The O(E + V log V)-time implementations of Dijkstra's algorithm depend on a(n amortized) constant-time DecreaseKey operation, avoiding multiple entries for an individual vertex. The implementation in this question will likely be faster in practice on sparse graphs, however.

Change this line: