On 01/27/2017 10:03 AM, Leonard den Ottolander wrote: > To my astonishment the openssh versions on both C6 and C7 will by > default negotiate an MD5 HMAC. Cryptographers still consider MD5 secure for HMAC use. Wikipedia's references (currently 6, 7, and 8) in this article are useful: https://en.wikipedia.org/wiki/Hash-based_message_authentication_code