hmac-ripemd160 not in PROTOCOL
max at quendi.de
Sat Nov 7 20:02:44 AEDT 2015
> On 07.11.2015, at 04:43, Darren Tucker <dtucker at zip.com.au> wrote:
> On Sat, Nov 7, 2015 at 2:20 AM, Max Horn <max at quendi.de> wrote:
>> Hi there,
>> I noticed that hmac-ripemd160 and hmac-ripemd160 at openssh.com are not listed in the OpenSSH protocols file, yet they are listed in myproposal.h. I was wondering whether this is intentional, if yes, what the rationale behind this is?
> The definitions are the same, so they implement the same algorithm.
Aye, that I also determined :).
> After some git archaeology I see that it was added sometime around 2.0
> and was present through 2.3.x with only the @openssh.com suffix.
> Between 2.3 and 2.5 (there was no 2.4) it moved into mac.c and the
> name without the @openssh was added.
> I suspect the @openssh one was before ripemd was added to the (at the
> time in draft) standards, and the new name was added once it was.
Ahhh, I am sorry, I should have lead with this: To the best of my knowledge,
hmac-ripemd160 occurs nowhere in the SSH specification, and is an OpenSSH
extension. Hence, I am surprised to see "hmac-ripemd160" in the mac list,
without the @openssh.com, and was wondering about the story behind it...
But I am happy to learn I am wrong, though then I'd also like to learn which
standard you are referring to?
> I also think we should make the documentation accurate by removed the
> nonstandard name.
>  https://anongit.mindrot.org/openssh.git/tree/kex.c?h=V_2_3_0_P1
>  https://anongit.mindrot.org/openssh.git/tree/mac.c?h=V_2_5_0_P1
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
More information about the openssh-unix-dev