PuTTY wish hmac-sha2-512


summary: Support for HMAC-SHA-512 in SSH-2
class: wish: This is a request for an enhancement.
difficulty: fun: Just needs tuits, and not many of them.
priority: low: We aren't sure whether to fix this or not.

RFC 6668 specifies two new MAC algorithms for SSH-2. PuTTY has support for HMAC-SHA-256 (called "hmac-sha2-256" in the protocol), but does not have support for the optional HMAC-SHA-512 ("hmac-sha2-512").

It would be simple enough to add support for HMAC-SHA-512, but this would gain practically nothing. HMAC-SHA-256 has an effective security of 256 bits, the same as the best of PuTTY's key-exchange algorithms. Any attacker able to break SHA-256 can simply extract the MAC key by reversing the key exchange, so using HMAC-SHA-512 is pointless. Adding it would come with costs in code size and complexity and in expansion of PuTTY's KEXINIT packet. While small, these costs outweigh the negligible benefits.
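To make the KEXINIT cost and the interoperability consequence concrete, the following added example (not PuTTY's code) encodes MAC name-lists as RFC 4251 defines them, applies the RFC 4253 selection rule, and measures what offering "hmac-sha2-512" would add. The `CLIENT` and `SERVER` lists are constructed samples, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# MAC names from RFC 6668 mapped to their hash functions.
MACS = {"hmac-sha2-256": hashlib.sha256, "hmac-sha2-512": hashlib.sha512}


def encode_name_list(names):
    """RFC 4251 name-list: uint32 length, then comma-separated names."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body


def decode_name_list(buf, offset=0):
    """Return (names, next_offset), rejecting a length that overruns buf."""
    if offset + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("name-list length exceeds packet")
    body = buf[offset + 4:end].decode("ascii")
    return (body.split(",") if body else []), end


def negotiate(client, server):
    """RFC 4253 7.1: first name on the client's list the server also offers."""
    return next((name for name in client if name in server), None)


def kexinit_growth(names, extra):
    """Bytes added to KEXINIT by offering `extra` in both MAC name-lists."""
    grown = len(encode_name_list(names + [extra]))
    return 2 * (grown - len(encode_name_list(names)))


def tag_length(mac_name):
    """Bytes of MAC appended to each packet (constructed all-zero key)."""
    return len(hmac.new(b"\x00" * 32, b"", MACS[mac_name]).digest())


# Constructed sample lists, not PuTTY's or any real server's actual offer.
CLIENT = ["hmac-sha2-256", "hmac-sha1"]
SERVER = ["hmac-sha2-512", "hmac-sha2-256", "hmac-sha1"]

if __name__ == "__main__":
    print("negotiated:", negotiate(CLIENT, SERVER))
    print("KEXINIT growth:", kexinit_growth(CLIENT, "hmac-sha2-512"), "bytes")
    print({name: tag_length(name) for name in MACS})
```

A client that does not offer "hmac-sha2-512" still negotiates "hmac-sha2-256" with a server that lists the longer MAC first, because the client's ordering decides the choice.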

(last revision of this bug record was at 2022-09-11 23:46:37 +0100)