OpenSSH protocol 1.6 proposal
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Mon Jan 3 09:11:46 EST 2000
On Sun, Jan 02, 2000 at 02:46:49PM -0500, Brian Fundakowski Feldman wrote:
> My concern here is, how much does it convolute the code? I believe
> that it's probably not as useful to make the old SSH 1.X protocol
> as infinitely more secure as it is useful to make OpenSSH support
> the 2.X protocol.
i don't think the patch 'convolutes' the code, it just replaces
the CRC with a real authenticating MAC, hmac-sha1 in this case.
> I really don't see why we should need sequence numbers if we do
> a continuous SHA-1 hash of the entire stream. Are you proposing
> just one use per SHA_CTX, each packet having its own independent
> hash and sequence number?
yes, each packet has an independent MAC that depends on the current
packet and current packet number. this number is not transmitted.
i don't know a protocol that uses a continuous hash for authentication.
both ipsec and ssh2 use hmacs. usage of hmac is common practice for
authentication (hmac-sha1 is required for SSH2).
> > session_id := MD5 (host_key_n |session_key_n|
> > supported_ciphers|supported_authentications|
> > client_flags|server_flags|
> > client_version_string|server_version_string|
> > cookie);
>
> That does sound better, although I wouldn't know how much better than
> before.
it _authenticates_ the cleartext parameters that are transmitted
before the session key can be used for authentication/encryption.
-markus
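As an added illustration (not code from the patch under discussion or from OpenSSH), the following Python models the two mechanisms the reply describes: a per-packet HMAC-SHA1 keyed over an implicit, never-transmitted packet counter, and a session_id computed as MD5 over the cleartext handshake parameters in the order given above. The MAC key, the packet payloads, the handshake field values and the assumption that each session_id field is supplied already encoded as bytes and simply concatenated are all constructed for the example; the real wire encoding of those fields is not specified in the mail.

```python
import hashlib
import hmac
import struct


def packet_mac(mac_key: bytes, seqnr: int, packet: bytes) -> bytes:
    """HMAC-SHA1 over (32-bit packet counter || packet).

    The counter is the 'number that is not transmitted': each side keeps its
    own copy and advances it per packet, so a replayed or reordered packet is
    MACed under a counter value the receiver is no longer expecting.
    """
    return hmac.new(mac_key, struct.pack(">I", seqnr) + packet, hashlib.sha1).digest()


class MacSender:
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seqnr = 0

    def send(self, packet: bytes) -> tuple:
        tag = packet_mac(self.mac_key, self.seqnr, packet)
        self.seqnr = (self.seqnr + 1) & 0xFFFFFFFF
        return packet, tag


class MacReceiver:
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seqnr = 0

    def receive(self, packet: bytes, tag: bytes) -> bool:
        expected = packet_mac(self.mac_key, self.seqnr, packet)
        if not hmac.compare_digest(expected, tag):
            # A real implementation would drop the connection here; for the
            # demo we just report failure and leave the counter untouched.
            return False
        self.seqnr = (self.seqnr + 1) & 0xFFFFFFFF
        return True


def session_id(host_key_n, session_key_n, supported_ciphers, supported_authentications,
               client_flags, server_flags, client_version_string, server_version_string,
               cookie) -> bytes:
    """MD5 over the cleartext parameters, in the order given in the mail.

    ASSUMPTION: every field is passed in already encoded as bytes and the
    fields are concatenated without length framing.
    """
    fields = (host_key_n, session_key_n, supported_ciphers, supported_authentications,
              client_flags, server_flags, client_version_string, server_version_string,
              cookie)
    return hashlib.md5(b"".join(fields)).digest()


def demo() -> dict:
    # Constructed key and payloads; nothing here comes from a real session.
    mac_key = hashlib.sha1(b"constructed demo key, not a real session key").digest()
    sender, receiver = MacSender(mac_key), MacReceiver(mac_key)
    results = {}

    p0, t0 = sender.send(b"\x05hello")
    p1, t1 = sender.send(b"\x05world")
    results["in_order_accepted"] = receiver.receive(p0, t0) and receiver.receive(p1, t1)

    # Replay: the receiver's counter has moved on, so the old tag fails.
    results["replay_rejected"] = not receiver.receive(p0, t0)

    # Tampering: flip one payload byte but keep the genuine tag.
    p2, t2 = sender.send(b"\x05again")
    tampered = p2[:-1] + bytes([p2[-1] ^ 0x01])
    results["tamper_rejected"] = not receiver.receive(tampered, t2)
    results["genuine_after_tamper_accepted"] = receiver.receive(p2, t2)

    # Reordering: deliver packet 4 before packet 3.
    p3, t3 = sender.send(b"\x05three")
    p4, t4 = sender.send(b"\x05four")
    results["reorder_rejected"] = not receiver.receive(p4, t4)
    results["correct_order_accepted"] = receiver.receive(p3, t3) and receiver.receive(p4, t4)

    # session_id: any change to a cleartext parameter changes the id.
    base = dict(host_key_n=b"\x01" * 128, session_key_n=b"\x02" * 32,
                supported_ciphers=b"\x00\x00\x00\x0c", supported_authentications=b"\x00\x00\x00\x06",
                client_flags=b"\x00\x00\x00\x00", server_flags=b"\x00\x00\x00\x00",
                client_version_string=b"SSH-1.5-OpenSSH-1.2.2", server_version_string=b"SSH-1.5-OpenSSH-1.2.2",
                cookie=b"\x03" * 8)
    sid = session_id(**base)
    results["session_id_is_md5"] = len(sid) == 16
    results["cookie_changes_session_id"] = sid != session_id(**dict(base, cookie=b"\x04" * 8))
    results["flags_change_session_id"] = sid != session_id(**dict(base, server_flags=b"\x00\x00\x00\x01"))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

Because the counter is part of the MACed data but never sent, an attacker who captures a valid packet and tag cannot present it a second time or out of order; the receiver's counter no longer matches the value under which the tag was computed. The session_id check shows why hashing the cleartext parameters matters: a tampered flags or cookie field produces a different id, which the later key-dependent steps then fail to agree on.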