Menu

#19 Using wrong encryption algorithm?

open
nobody
None
5
2011-06-14
2011-06-14
ScottS
No

I download the SharpSSH v1.1.1.13 source code last week. I use DotNet Framework 4.0 and was following coments on the CodeProject site for removing the dependency on the Mentalis Security library written for DotNet 1.x. I found 2 "new" places to make changes, in the HMACMD596 and HMACSHA196 classes, but one of them seems wrong. I couldn't find anything in previous bug reports to say anyone had questioned this before, so here goes.

In Tamir.SharpSsh.jsch.jce.HMACSHA196.init(byte[] key) method, the method name, constant name, and the comments all reference using SHA1-96 algorithm, but the code has:
mentalis_mac = new Org.Mentalis.Security.Cryptography.HMAC(new System.Security.Cryptography.MD5CryptoServiceProvider(), key);
which is using the MD5 algorithm.
Is that correct?

Discussion


Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.