Key fingerprint feature request
Jason Stone
jason at dfmm.org
Sat Feb 3 23:19:59 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > I'm not very optimistic that commercial ssh is going to change to
> > md5/hex fingerprint :)
>
> i tried to document our fingerprint format and
> sent this to the ietf-secsh list.
Except that isn't md5 deprecated in favor of sha1?
The collision resistance of md5 has been shown to be substancially less
than was originally believed, while sha1 is still believed (to my
knowledge) to be secure. Additionally, there new fips standards extending
sha1 to other lengths than 160 bits to match the movement to much longer
keys/hashes/moduli that started with AES, which may be desirable in the
future.
Cryptography aside, sha1 is a federal standard, and is standard in
f-secure, as well as non-related products like GnuPG. Wouldn't it make
sense for us to also use (or at least support) sha1?
-Jason
---------------------------
If the Revolution comes to grief, it will be because you and those you
lead have become alarmed at your own brutality. --John Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE6e/dzswXMWWtptckRAgPEAJ99yfM3XtSJr83WbIf1kgA5icK6mACgqmjd
52SUQRNA+llkvTMs+X0HIo8=
=hY10
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list