Recent MAC improvements

Damien Miller djm at mindrot.org
Tue Jun 12 11:21:32 EST 2007


On Mon, 11 Jun 2007, Damien Miller wrote:

> These changes need testing on as many platforms as possible. In particular
> we are interested in the following corner cases:
> 
> - Old OpenSSL version (0.9.5ish)
> - Testing between big and little endian machines (i386 vs. sparc for example)
> - Testing between previous OpenSSH versions and -current
> - Testing on strict alignment architectures like Alpha and Itanium

One more case:

 - Interoperability against non-OpenSSH implementations

This applies mainly for the MAC reuse change, as no other implementations
would support UMAC yet.

If other implementors want to support UMAC, there is a specification
for how OpenSSH does it at [1] which is awaiting publication (assuming
I have the IETF boilerplate de jour correct this time). OpenSSH uses a
slightly tweaked version of the UMAC reference implementation[2].

-d

[1] http://www.mindrot.org/~djm/internet-drafts/draft-miller-secsh-umac-00.txt
[2] http://www.fastcrypto.org/umac/2004/code.html


More information about the openssh-unix-dev mailing list