PuTTY wish encrypt-then-mac

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: Add support for OpenSSH encrypt-then-MAC scheme
class: wish: This is a request for an enhancement.
priority: medium: This should be fixed one day.
fixed-in: b0823fc5be15e429bac4619bf7e2e9f829c02eea 2015-04-27 (0.68)

OpenSSH has a mechanism for changing SSH-2 from its usual encode-then-encrypt-and-MAC scheme to a more conventional encrypt-then-MAC. This is signalled by new MAC algorithms with -etm in their names. Of these, PuTTY now supports:

PuTTY doesn't currently prefer these because it's not clear to us that they give any security benefit except when using CBC-mode ciphers, and any server that supports ETM will also be able to do something better than CBC.

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2015-06-25 23:43:58 +0100)