hmac-ripemd160 not in PROTOCOL

Max Horn max at
Sat Nov 7 20:02:44 AEDT 2015

> On 07.11.2015, at 04:43, Darren Tucker <dtucker at> wrote:
> On Sat, Nov 7, 2015 at 2:20 AM, Max Horn <max at> wrote:
>> Hi there,
>> I noticed that hmac-ripemd160 and hmac-ripemd160 at are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is?
> The definitions are the same, so they implement the same algorithm.

Aye, that I also determined :).

> After some git archaeology I see that it was added sometime around 2.0
> and was present through 2.3.x[0] with only the suffix.
> Between 2.3 and 2.5 (there was no 2.4) it moved into mac.c and the
> name without the @openssh was added.
> I suspect the @openssh one was before ripemd was added to the (at the
> time in draft) standards, and the new name was added once it was.

Ahhh, I am sorry, I should have lead with this: To the best of my knowledge,
hmac-ripemd160 occurs nowhere in the SSH specification, and is an OpenSSH
extension. Hence, I am surprised to see "hmac-ripemd160" in the mac list,
without the, and was wondering about the story behind it...

But I am happy to learn I am wrong, though then I'd also like to learn which
standard you are referring to?


> I also think we should make the documentation accurate by removed the
> nonstandard name.
> [0]
> [1]
> -- 
> Darren Tucker (dtucker at
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.

More information about the openssh-unix-dev mailing list