[For Terrapin to be viable, the connection it interferes with also must be secured by either “ChaCha20-Poly1305” or “CBC with Encrypt-then-MAC,” both of which are cipher modes added to the SSH protocol (in 2013 and 2012, respectively

Well thats easy then, just change your allowed ciphers.

MitM attacks are also one of the major threats to MFA.

They don’t seem to talk much about TLS which is the current standard for most things (VoIP, email.) We still use ssh for a lot but HTTPS is secured through TLS 1.3

Finland has done a lot for the industry… Hyvää Suomi!