hmac-ripemd160 not in PROTOCOL

Max Horn max at quendi.de
Sat Nov 7 20:02:44 AEDT 2015


> On 07.11.2015, at 04:43, Darren Tucker <dtucker at zip.com.au> wrote:
> 
> On Sat, Nov 7, 2015 at 2:20 AM, Max Horn <max at quendi.de> wrote:
>> Hi there,
>> 
>> I noticed that hmac-ripemd160 and hmac-ripemd160 at openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is?
> 
> The definitions are the same, so they implement the same algorithm.

Aye, that I also determined :).

> 
> After some git archaeology I see that it was added sometime around 2.0
> and was present through 2.3.x[0] with only the @openssh.com suffix.
> Between 2.3 and 2.5 (there was no 2.4) it moved into mac.c and the
> name without the @openssh was added.
> 
> I suspect the @openssh one was before ripemd was added to the (at the
> time in draft) standards, and the new name was added once it was.

Ahhh, I am sorry, I should have lead with this: To the best of my knowledge,
hmac-ripemd160 occurs nowhere in the SSH specification, and is an OpenSSH
extension. Hence, I am surprised to see "hmac-ripemd160" in the mac list,
without the @openssh.com, and was wondering about the story behind it...

But I am happy to learn I am wrong, though then I'd also like to learn which
standard you are referring to?

Cheers,
max


> I also think we should make the documentation accurate by removed the
> nonstandard name.
> 
> [0] https://anongit.mindrot.org/openssh.git/tree/kex.c?h=V_2_3_0_P1
> [1] https://anongit.mindrot.org/openssh.git/tree/mac.c?h=V_2_5_0_P1
> 
> -- 
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> 



More information about the openssh-unix-dev mailing list