Recent MAC improvements
Iain Morgan
imorgan at nas.nasa.gov
Thu Jun 14 03:48:38 EST 2007
On Tue, Jun 12, 2007 at 11:21:32 +1000, Damien Miller wrote:
> On Mon, 11 Jun 2007, Damien Miller wrote:
>
> > These changes need testing on as many platforms as possible. In particular
> > we are interested in the following corner cases:
> >
> > - Old OpenSSL version (0.9.5ish)
> > - Testing between big and little endian machines (i386 vs. sparc for example)
> > - Testing between previous OpenSSH versions and -current
> > - Testing on strict alignment architectures like Alpha and Itanium
>
> One more case:
>
> - Interoperability against non-OpenSSH implementations
>
> This applies mainly for the MAC reuse change, as no other implementations
> would support UMAC yet.
>
> If other implementors want to support UMAC, there is a specification
> for how OpenSSH does it at [1] which is awaiting publication (assuming
> I have the IETF boilerplate de jour correct this time). OpenSSH uses a
> slightly tweaked version of the UMAC reference implementation[2].
>
> -d
>
> [1] http://www.mindrot.org/~djm/internet-drafts/draft-miller-secsh-umac-00.txt
> [2] http://www.fastcrypto.org/umac/2004/code.html
>
I just did a test scp'ing a 10GB file using the 20070613 snapshot to a
server running the 4.2.1.1 rev of SSH.COM's product. The MAC reuse
did not appear to be a problem.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list