[Bug 3375] SHA1 is used as a proof of possession for the RSA key

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Dec 20 21:48:14 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3375

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #3 from Jakub Jelen <jjelen at redhat.com> ---
The condition `kexsigtype == KEY_RSA` in the above link will work only
if the rsa-sha2-* hostkey type was negotiated during key exchange and
we are sending a proof of possession of another RSA key.

In any other case, for example when an ECDSA or Ed25519 hostkey is
negotiated, the above condition will always evaluate to `false` and RSA
with SHA1 will be used regardless of the client capabilities.

I think the above condition should be rewritten to check not against
the negotiated hostkey type, but whether the client supports RSA with
SHA2 (regardless of the negotiated key type). But I did not have time
to look more closely at the implementation yet.

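A simplified model of the decision described in comment #3, added here as an example; it is not OpenSSH code. Only `KEY_RSA` and `kexsigtype` come from the comment; the struct, the function names, the use of a client-supplied algorithm list as the source of client capabilities, and the preference for `rsa-sha2-512` over `rsa-sha2-256` are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model only; names other than KEY_RSA/kexsigtype are assumed. */
enum key_type { KEY_RSA, KEY_ECDSA, KEY_ED25519 };
struct session {
    enum key_type kexsigtype;    /* plain type of the hostkey negotiated in KEX */
    const char *kex_hostkey_alg; /* negotiated hostkey algorithm name */
    const char *client_algs;     /* assumption: client's comma-separated algorithm list */
};

/* Exact-token match in a comma-separated name list. */
static int list_has(const char *list, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = list; p != NULL && *p != '\0'; ) {
        size_t len = strcspn(p, ",");
        if (len == n && memcmp(p, name, n) == 0)
            return 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;
}

/* Reported behaviour: SHA2 is used only if an RSA hostkey was negotiated. */
const char *rsa_proof_alg_reported(const struct session *s)
{
    return s->kexsigtype == KEY_RSA ? s->kex_hostkey_alg : "ssh-rsa";
}

/* Suggested direction: decide from what the client supports instead. */
const char *rsa_proof_alg_suggested(const struct session *s)
{
    if (list_has(s->client_algs, "rsa-sha2-512"))
        return "rsa-sha2-512";
    if (list_has(s->client_algs, "rsa-sha2-256"))
        return "rsa-sha2-256";
    return "ssh-rsa"; /* client offered no SHA2 RSA algorithm */
}

int main(void)
{
    /* Constructed session: Ed25519 negotiated, client also accepts rsa-sha2-*. */
    struct session s = { KEY_ED25519, "ssh-ed25519", "ssh-ed25519,rsa-sha2-512,rsa-sha2-256" };
    printf("reported: %s\nsuggested: %s\n", rsa_proof_alg_reported(&s), rsa_proof_alg_suggested(&s));
    return 0;
}
```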