Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!
The Product Idea boards have gotten an update to better integrate them within our Product team's idea cycle! However this update does have a few unique behaviors, if you have any questions about them check out our FAQ.

Alteryx Designer Desktop Ideas

Share your Designer Desktop product ideas - we're listening!
Submitting an Idea?

Be sure to review our Idea Submission Guidelines for more information!

Submission Guidelines

Update Download Tool's SFTP secure connection options: include SHA-2 HMAC

The Download tool allows for encrypted SFTP connections, but I recently discovered (the hard way) that the Alteryx capabilities are incomplete and the algorithms not fully up to date. Just adding an additional updated algorithm or two to the 4 available for message authentication would bring it up to date.

 

As back story, our firm has onboarded a new SFTP server, and all of a sudden my Alteryx SFTP workflows didn't work when I pointed them at the new server. After going back and forth extensively with the helpful folks at Alteryx, we discovered there's a gap in Alteryx's current capabilities.

 

Basically, the Alteryx download tool can use the old encryption algorithm and half of the new version, and half of the new version is like having half a bridge.

 

Up until 2017, SHA-1 was the most common hash used for cryptographic signing. Since then it's been slowing getting supplanted by SHA-2.

 

Alteryx can use SHA-2 for key exchanges, but not for message authentication (the HMAC algorithm). The internet seems to swear up and down that the old SHA-1 algorithm works just fine for message authentication, but I don't have the luxury of caring about that. All I know is that as of March 2019 the SFTP server I have to connect with has deprecated Alteryx's SHA-1 algorithm as being too out of date and only allows the new SHA-2 message authentication. 

 

Alteryx CAN use the up to date SHA-2 for key exchange (GOOD, halfway there!) but can only use (old) ways of doing message authentication that do NOT include SHA-2 (NOT GOOD!). Please add updated SHA-2 algorithms (hmac-sha2-512, hmac-sha2-256) to the HMAC mix too!

 

Many thanks,

 

Josiah

 

8 Comments
mlittletn
7 - Meteor
I'm running into the same issue. My IT security teams have started locking down servers to no longer allow SHA-1. Dev teams! Help us out! Recompile to pick up newer standards. 🙂
brad-barrett
7 - Meteor

This would be a great fix as I cannot connect to my current SFTP site either.

wlhale
7 - Meteor

I just got bit by this issue as one of our vendors deployed a new SFTP site and i can no longer transmit data due to the SHA-2 not working in Alteryx. Now i need to figure out a new way to do this or somehow run WINSCP via a command. Arghh

 

DataInvestigator007
6 - Meteoroid

I would like to see a free to configure and use tool for sftp transfer possibility with one of the default tools in Alteryx tool palette.  In the Enterprise world, data is distributed.  When Alteryx completes its process, it should be able to post the data in a different zone using sFTP.  I would sincerely request you to consider enhancing this as one of important tool.  

OldDogNewTricks
10 - Fireball

This needs to be updated.  Looks like I'll have to build another workaround in the interim, maybe command line WINSCP?

tab
5 - Atom

I agree, this needs to be updated. SHA1 is broken https://shattered.io/ and does not make sense if the tool gives you permanent errors regarding uploads. Please fix this.

 

 

AlteryxCommunityTeam
Alteryx Community Team
Alteryx Community Team
Status changed to: Accepting Votes
 
bigharp1
5 - Atom

Almost FOUR years since the first post on this issue, I am surprised that Alteryx has not addressed this issue. We just got hit when a recent Windows patch must have deprecated SHA1 as our jobs using the download tool to put an FTP file now fails after running fine for months.

 

With this much lead time, there's no valid excuse not to have this fixed in Alteryx.