[zip]

Netgear R7000
Firmware Version DD-WRT v3.0-r35244 std ( 03/05/18 )
Kernel Version Linux 4.4.120 #2685 SMP Mon Mar 5 08:03:45 CET 2018 armv7l


I have the latest firmware for my router which according to the svn has the lastest Dropbear (v2018.76) included in it. I have also enabled logging on PuTTY which confirms that the server is v2018.76.

In the svn, the way I read change 35157 http://svn.dd-wrt.com/changeset/35157 shows that diffie hellman group14-sha256 is activated in dd-wrt. I get that from line 178 because there is a 1 at the end of the line.

However, PuTTY logging shows that dd-wrt Dropbear is not offering group14-sha256 while PuTTY is offering it.

NOTE: I got a specific version of PuTTY that the author provided for me. He says it is easy to implement that KEX algorithm into PuTTY.


Am I reading something wrong in the changes or is one of the other Dropbear related changes (which I have reviewed) eliminating that algorithm? I am not a coding guru and I can certainly be missing something, but I thought that the number 1 at the end means that it is available. The lines above that indicate that the old group1 and group14 with sha1 are available, but that the newer group16 is not. I had no problem with upgrading the firmware and everything works fine (VPN, SSH, VLANs, wireless 2.4 and 5.0, etc.)

It would be very beneficial to have group14-sha256 included in dd-wrt. The consensus by those in the know shows that KEX algoritms with sha1 are now questionable.

I would like input from the forum to hopefully get this resolved when I get back tomorrow night.