[Bug 3375] SHA1 is used as a proof of possession for the RSA key

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Dec 20 19:32:44 AEDT 2021


--- Comment #2 from Dmitry Belyavskiy <dbelyavs at redhat.com> ---
When we have, say, an ECDSA key confirmed by fingerprint and RSA key to
be confirmed, we have EC-based KEX, so the KEX-based prevention of
using SHA1
will not work and SHA1 will be used for the proof of posession of the
RSA key.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list