RMCP support
Vernon Mauery
vernon.mauery at linux.intel.com
Thu Sep 12 03:31:39 AEST 2019
On 11-Sep-2019 05:27 AM, Neeraj Ladkani wrote:
> Is there any plan to add RMCP support in IPMI LAN stack ?
There are no plans for adding RMCP support. RMCP is horribly insecure;
even more insecure than the least secure RMCP+ cipher suites (not
counting cipher suite 0, which should not even be a thing.)
Not implementing RMCP was an intentional choice. RMCP+ is insecure,
especially with passwords shorter than 8 (as shown by Rick Altherr's
OSFC 2019 presentation). It is recommended that RMCP+ is only used with
cipher suite 17 and maximum length passwords (20 characters). Ideally,
it would not be used at all, preferring Redfish, which uses modern
crypto.
Every open source IPMI utility out there supports RMCP+. That should be
used instead of RMCP.
--Vernon
More information about the openbmc
mailing list