4.5 Message authentication algorithms

Modules of this type are used by the transport layer in order to authenticate the ssh2 packets transmitted over the network.

Standard ssh2 MAC algorithms based on md5, sha1 and sha2 are provided as specified in rfc4253 and rfc6668. The Encrypt-then-Mac extensions proposed by OpenSSH are implemented as alternatives to the standard Mac-then-Encrypt based algorithms.

MAC related declarations can be found in assh/assh_mac.h.

The following MAC algorithms have built-in support:

  • hmac-md5, hmac-md5-96,

  • hmac-sha1, hmac-sha1-96,

  • hmac-sha2-256, hmac-sha2-512,

  • hmac-md5-etm@openssh.com, hmac-md5-96-etm@openssh.com,

  • hmac-sha1-etm@openssh.com, hmac-sha1-96-etm@openssh.com,

  • hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com.

When either the Libgcrypt library or the OpenSSL library is used, these additional MAC algorithms are available:

  • hmac-ripemd160, hmac-ripemd160-etm@openssh.com

Valid XHTML 1.0 StrictGenerated by diaxen on Sun Oct 25 23:30:45 2020 using MkDoc