IETF-SSH archive
Re: SHA-2 based HMAC algorithm...
Joseph, everyone,
I have just attempted to implement:
hmac-sha256@ssh.com
hmac-sha256-96@ssh.com
I can summarize the current state of this algorithm in one word. Awful.
I tested our implementation with two others: the Tectia client, and
MindTerm.
In both cases, I needed to use the command line (sftpg3 for Tectia) or
edit the textual host settings file (for MindTerm) because the graphical
user interfaces of both programs have not been updated to support the
algorithm.
I first assumed that implementations would logically follow the SSH
transport RFC precedent, and use a 32-byte key for HMAC-256, just like
there's a 20-byte key for SHA-1, and a 16-byte key for MD5.
Not so. It turns out that the Tectia client implementation initializes
the hmac-sha256@ssh.com algorithm with a 16-byte HMAC key. The MindTerm
implementation, on the other hand, uses a 20-byte HMAC key.
So, there's just no way that you can be compatible with both
implementations of this private algorithm without explicit compatibility
hacks from the get-go.
I want to implement HMAC-SHA-256 support because clients have requested
it. The @ssh.com algorithm is apparently broken, and the choice of both
a 16-byte and a 20-byte key seems dubious.
Is there a way we can agree on HMAC-SHA-256 with a 32-byte key, call it
"hmac-sha256", and register it?
Can we agree that this is what we'll do, and implement it?
denis
----- Original Message -----
From: "Joseph Galbraith" <galb-list@vandyke.com>
To: <ietf-ssh@NetBSD.org>
Sent: Friday, March 18, 2011 19:17
Subject: SHA-2 based HMAC algorithm...
Is there a SHA-2 based HMAC algorithm specified in any of
the recent extension RFCs?
I looked but didn't see one.
Has anyone implemented such a thing as a @domain.name extension?
Thanks,
Joseph
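The interoperability failure Denis describes above (one peer deriving a 16-byte integrity key for the @ssh.com algorithm, another a 20-byte key, and his proposal of a 32-byte key) follows directly from how RFC 4253 section 7.2 derives MAC keys: the key material is hashed from the shared secret K and exchange hash H, extended as needed, and then truncated to whatever length the MAC algorithm declares, so nothing on the wire tells the peers they disagree. The code below is an added example written for this archive page; it is not code from the thread or from Tectia, MindTerm or any other implementation. The shared secret, exchange hash, session id and packet are constructed values standing in for a real key exchange, and the `demo` and `verify_mac` helpers are illustrative names.

```python
import hashlib
import hmac

# Added example (not from the thread): RFC 4253 section 7.2 key derivation,
# then HMAC-SHA-256 with the three MAC key lengths mentioned in the thread.


def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5)."""
    if n < 0:
        raise ValueError("negative values are not needed for a shared secret")
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:          # keep the sign bit clear for a positive value
        body = b"\x00" + body
    return len(body).to_bytes(4, "big") + body


def derive_key(K: int, H: bytes, letter: bytes, session_id: bytes,
               hash_name: str, key_len: int) -> bytes:
    """RFC 4253 section 7.2: K1 = HASH(K || H || X || session_id),
    Kn = HASH(K || H || K1 || ... || Kn-1); output truncated to key_len."""
    h = getattr(hashlib, hash_name)
    prefix = mpint(K) + H
    out = h(prefix + letter + session_id).digest()
    while len(out) < key_len:           # only needed when key_len > digest size
        out += h(prefix + out).digest()
    return out[:key_len]


def ssh_mac(key: bytes, seq: int, packet: bytes, tag_len: int = 32) -> bytes:
    """mac = HMAC-SHA-256(key, uint32 sequence_number || unencrypted_packet),
    truncated to tag_len bytes (12 bytes is the -96 variant)."""
    data = seq.to_bytes(4, "big") + packet
    return hmac.new(key, data, hashlib.sha256).digest()[:tag_len]


def verify_mac(key: bytes, seq: int, packet: bytes, tag: bytes) -> bool:
    """Constant-time check of a received tag against our own key."""
    return hmac.compare_digest(ssh_mac(key, seq, packet, len(tag)), tag)


# Constructed inputs standing in for a real key exchange (hypothetical values).
K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest() * 8, "big")
H = hashlib.sha1(b"constructed exchange hash").digest()    # 20 bytes for a SHA-1 kex
SESSION_ID = H                                              # first kex: session_id == H
PACKET = (b"\x00\x00\x00\x1c" + b"\x0a"                     # packet_length, padding_length
          + b"\x05\x00\x00\x00\x0cssh-userauth"             # SSH_MSG_SERVICE_REQUEST
          + b"\x00" * 10)                                   # padding (random in practice)
SEQ = 3


def demo() -> dict:
    """Derive the client-to-server integrity key ("E") at 16, 20 and 32 bytes
    from the same K/H and tag the same packet with each."""
    keys = {n: derive_key(K, H, b"E", SESSION_ID, "sha1", n) for n in (16, 20, 32)}
    tags = {n: ssh_mac(keys[n], SEQ, PACKET) for n in keys}
    return {"keys": keys, "tags": tags, "tag32_96": ssh_mac(keys[32], SEQ, PACKET, 12)}


if __name__ == "__main__":
    r = demo()
    for n in (16, 20, 32):
        print(f"{n}-byte key -> tag {r['tags'][n].hex()}")
    print("peer using a 16-byte key accepts the 32-byte-key tag?",
          verify_mac(r["keys"][16], SEQ, PACKET, r["tags"][32]))
```

The three keys are prefixes of one another (the 16- and 20-byte keys are the first bytes of the 32-byte one), yet every tag differs: HMAC zero-pads its key to the hash block size, so a 16-byte key behaves like the 32-byte key with its last 16 bytes overwritten by zeros. Two peers that agree on the algorithm name but not on the key length therefore reject each other's first MAC'd packet, exactly the compatibility problem reported above. Note that the `-96` suffix truncates the tag to 96 bits, not the key.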