New FIPS 180-2 hashes in OpenSSH?

Does anyone know if SHA-224, 256, 384, and 512 are in OpenSSH or will
be included for password hashing options (message authentication) for
sshd.  Specifically in the sshd_config man page:

MACs    Specifies the available MAC (message authentication code)
algorithms.  The MAC algorithm is used in protocol version 2 for data
integrity protection.  Multiple algorithms must be comma-separated.  The
default is

The new version of OpenSSL, 0.98, now has support for these stronger
versions of SHA, and given the fact that it was recently shown by
researchers that SHA1 is vulnerable to a key-space attack in 2^69
operations as opposed to 2^80, meaning with hardware in a year or two
SHA1 will become less effective, both ssh client and server should
probably start supporting these.

Does anyone know if this is in the works for OpenSSH?


Just because you're paranoid doesn't mean that no one is out to get you!

Re: New FIPS 180-2 hashes in OpenSSH?


This isn't a problem for HMAC, since breaking it requires a preimage attack,
not a collision attack.  Thus, HMAC-SHA1 still requires 2^160 work to break.  
Even HMAC-MD5 should be strong enough for most purposes at present, since  
an HMAC cracker has to work within the rekey time (the default for which is
an hour) to be useful, unlike a cracker for the symmetric-encryption

The standard SSH-2 key-exchange methods also use SHA-1, but I think they're
resistant to collision attacks, at least when used with standard RSA and DSA
host keys.  In any case, key-exchange methods using stronger hashes are in  
the process of being standardised.

Ben Harris
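
An added illustration of the reply's point about HMAC (not part of the thread and not OpenSSH code): the RFC 2104 construction is run over a constructed toy hash, SHA-1 truncated to 24 bits, so that a collision can be found quickly without the key. The colliding pair is then checked under the keyed MAC. The key, the message format and the function names are assumptions made for the example.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-1 block size in bytes

def sha1_full(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def sha1_toy(data: bytes) -> bytes:
    # Constructed toy hash: SHA-1 truncated to 24 bits so collisions are cheap.
    return hashlib.sha1(data).digest()[:3]

def hmac_with(hash_fn, key: bytes, msg: bytes) -> bytes:
    # RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))
    if len(key) > BLOCK:
        key = hash_fn(key)
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return hash_fn(opad + hash_fn(ipad + msg))

def find_collision(hash_fn):
    # Birthday search over counter-derived messages; it never touches a key.
    seen = {}
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        digest = hash_fn(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
        counter += 1

def demo():
    key = b"constructed-session-mac-key"  # sample value, not from the thread
    m1, m2 = find_collision(sha1_toy)
    tag1 = hmac_with(sha1_toy, key, m1)
    tag2 = hmac_with(sha1_toy, key, m2)
    reference = hmac.new(key, m1, hashlib.sha1).digest()
    return {
        # The unkeyed toy hash collides on two distinct messages.
        "hash_collides": m1 != m2 and sha1_toy(m1) == sha1_toy(m2),
        # The same pair under the keyed construction.
        "mac_collides": hmac.compare_digest(tag1, tag2),
        # Sanity check: the hand-written construction equals stdlib HMAC-SHA1.
        "matches_stdlib": hmac.compare_digest(hmac_with(sha1_full, key, m1), reference),
    }

if __name__ == "__main__":
    print(demo())
```
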
