[Bug 3375] SHA1 is used as a proof of possession for the RSA key
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Dec 20 19:32:44 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3375
--- Comment #2 from Dmitry Belyavskiy <dbelyavs at redhat.com> ---
When we have, say, an ECDSA key confirmed by fingerprint and RSA key to
be confirmed, we have EC-based KEX, so the KEX-based prevention of
using SHA1
(https://github.com/openssh/openssh-portable/blob/7a7c69d8b4022b1e5c0afb169c416af8ce70f3e8/serverloop.c#L725-L730)
will not work and SHA1 will be used for the proof of posession of the
RSA key.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list