SSH MAC Algorithm Names :: Support Forum

TheCliGuy
Joined:: 2020-01-31
Posts:: 13

SSH MAC Algorithm Names

2020-10-27 21:53

Using WinSCP version 5.17.8, the WinSCP.com /info command returns the following MAC algorithms:

hmac-sha2-256
hmac-sha1
hmac-sha1-96
hmac-md5

Whereas WinSCP actually supports all of the following because for each of the encrypt-and-MAC algorithms above there's an encrypt-then-MAC equivalent:
hmac-sha2-256
hmac-sha1
hmac-sha1-96
hmac-md5
hmac-sha2-256-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-md5-etm@openssh.com

Would it be possible to update WinSCP.com /info to list both the encrypt-and-MAC and encrypt-then-MAC algorithms?

The encrypt-then-MAC name can be found in the etm_name property of an ssh2_macalg:

name           etm_name
----           --------
hmac-sha2-256  hmac-sha2-256-etm@openssh.com
hmac-sha1      hmac-sha1-etm@openssh.com
hmac-sha1-96   hmac-sha1-96-etm@openssh.com
hmac-md5       hmac-md5-etm@openssh.com

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 40,567
Location:: Prague, Czechia

Re: SSH MAC Algorithm Names

2020-10-30

Thanks for your suggestion. I've implemented this for the next release:
https://winscp.net/tracker/1917

Reply with quote

TheCliGuy

Re: SSH MAC Algorithm Names

2020-11-01 17:49

Thank you Martin.

When you say "this is implemented for the next release", is 5.18 going to be the next release after 5.17.9?

Reply with quote

martin◆ Site Admin

Re: SSH MAC Algorithm Names

2020-11-03

Probably not yet. Still few months to go with 5.18.

Reply with quote

TheCliGuy
Joined:: 2020-01-31
Posts:: 13

Re: SSH MAC Algorithm Names

2020-12-28 18:55

Hi Martin,

I've just tested winscp.com /info using 5.18 beta and see that the encrypt-then-MAC algorithms are displayed in parenthesis next to their equivalent encrypt-and-MAC algorithms:

SSH MAC algorithms:
hmac-sha2-256 (hmac-sha2-256-etm@openssh.com)
hmac-sha1 (hmac-sha1-etm@openssh.com)
hmac-sha1-96 (hmac-sha1-96-etm@openssh.com)
hmac-md5 (hmac-md5-etm@openssh.com)

Is there any chance that this could be changed so that ETM algorithms are displayed on separate lines?

Having one algorithm per line makes it very easy to parse the output, EG:

# Create an object ($objAlgorithms) consisting of a property per algorithm type 
# with a value that contains a comma separated list of the algorithm names.

$WinScpInfo = & 'C:\Program Files (x86)\WinSCP\WinSCP.com' /info
$objAlgorithms = [PSCustomObject]@{}

$WinScpInfo.ForEach({
    # A heading is identified as a value ending in a colon.
    If ($_[-1] -eq ':') {
        $PropertyName = ($_.substring(0, ($_.length -1)))
    }
    # The end of a block of algorithms is identified as an empty line.
    ElseIf ($_ -eq '') {
        $objAlgorithms | Add-Member -Name $PropertyName -Type NoteProperty -Value $PropertyVal
        $PropertyVal = ''
    }
    # Anything else is an algorithm name.
    Else {
        If ($PropertyVal) {
            $PropertyVal = $PropertyVal, $_ -join ','
        }
        Else {
            $PropertyVal = $_
        }
    }
})

Reply with quote