What exactly does or doesn't happen? Please check the following list out:Just that it doesn't ask you to do this, doesn't mean it doesn't happen.
HMAC is usually only involved in the host verification procedure. No host verification- no HMAC needed/used. Just guessing.
- No mention of HMAC algorithm? Is one even used?
Generated on install? How is that supposed to be used then? Are you sure you are not mixing DH group and host key up?
- I found no references to whatever "DH-1984" is, this should be replaced with a 2048 bit unique prime generated on install.
Yep, I see your point. You're right here.A HMAC is needed for authenticated encryption, otherwise there is no way to detect ciphertext modification with block ciphers like RC4 in common modes.
DH group is not a secret, but rather a common knowledge- both sides of the secure connection are supposed to use the same prime+generator pair (DH group) in their key exchange computations. Generating a unique prime on install is rather pointless, and making sure it is cryptographically good enough is almost impossible during install.DH groups have a pre-computed prime field which is used for DH key negotiation. By using common or weak groups it opens the window for mass computation attacks that would compromise all devices using the same primes (see https://weakdh.org/). Generating a 2048 bit unique prime (DH parameters) at install makes mass computation pointless.
There is only one page of Google results for whatever "RC4 drop3072" is. You say it's a custom variant, has it been designed or reviewed by a cryptographer? Why are there no academic papers on it? More importantly, why is Mikrotik designing their own crypto instead of using well tested and secure industry standards like TLS?That's why I said "hardened". It is not broken as the standard RC4 is. It is a custom variant.RC4 is broken and should be replaced
We use RC4 because it is much faster when used without hardware acceleration.Protocols can defend against this attack by discarding the initial portion of the keystream. Such a modified algorithm is traditionally called "RC4-drop[n]", where n is the number of initial keystream bytes that are dropped. The SCAN default is n = 768 bytes, but a conservative value would be n = 3072 bytes.
RC4: Enabled Vulnerabilities checked: BEAST