https://sourceforge.net/p/sharpssh/bugs/19/2011-06-14T20:24:51ZRecent changes to 19: Using wrong encryption algorithm?2011-06-14T20:24:51Z2011-06-14T20:24:51ZScottShttps://sourceforge.net/u/scottsteesy/https://sourceforge.netaed8db3912276cb84fff635af2785e77542e643b

<div class="markdown_content"><p>I download the SharpSSH v1.1.1.13 source code last week. I use DotNet Framework 4.0 and was following coments on the CodeProject site for removing the dependency on the Mentalis Security library written for DotNet 1.x. I found 2 "new" places to make changes, in the HMACMD596 and HMACSHA196 classes, but one of them seems wrong. I couldn't find anything in previous bug reports to say anyone had questioned this before, so here goes.</p> <p>In Tamir.SharpSsh.jsch.jce.HMACSHA196.init(byte[] key) method, the method name, constant name, and the comments all reference using SHA1-96 algorithm, but the code has:<br /> mentalis_mac = new Org.Mentalis.Security.Cryptography.HMAC(new System.Security.Cryptography.MD5CryptoServiceProvider(), key);<br /> which is using the MD5 algorithm.<br /> Is that correct?</p></div>