Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
RFC 6668 specifies two new MAC algorithms for SSH-2. PuTTY has support for HMAC-SHA-256 (called "hmac-sha2-256" in the protocol), but does not have support for the optional HMAC-SHA-512 ("hmac-sha2-512").
It would be simple enough to add support for HMAC-SHA-512, but this would gain practically nothing. HMAC-SHA-256 has an effective security of 256 bits, the same as the best of PuTTY's key-exchange algorithms. Any attacker able to break SHA-256 can simply extract the MAC key by reversing the key exchange, so using HMAC-SHA-512 is pointless. Adding it would come with costs in code size and complexity and in expansion of PuTTY's KEXINIT packet and while small, these costs outweigh the negligible benefits.
2023-04-24: however, we heard recently of an SSH server being configured to accept nothing else, so if people are going to do that (though I'm still not sure why) it seems worth supporting. Also, we now have a fallback workaround for anyone finding our KEXINIT is too long, so that risk of adding more algorithms is mitigated.