Openssh hash request
David
shadoweyez at gmail.com
Sat Oct 15 10:59:17 EST 2005
Please forgive if this is the wrong place...
As a user of the excellent ssh and sshd I would like to see the next
version of openssh contain support for the SHA-2 hashes (SHA-256,
SHA-384, and SHA-512) as the SHA-1 hash is now known to be vulnerable to
a 2^69 and possibly a 2^63 key-space search. As of version 0.98 openssl
contained support for these hashes so it would be nice if openssh
followed suit.
I posted this request before on comp.security.ssh and was correctly told
that by default sshd regenerates the key every 60 mins. But consider a
server using SHA-1, and an attacker who wants the user/password, or a
file being transferred, and captures the cipher data. While they cannot
see your session in "real time" they still could capture the data and
key-search the SHA-1 hash, making it easier to break the key.
While I'm no crypto-expert, this does _NOT_ seem like a good thing(tm).
Are there any plans to implement these hashes into openssh?
TIA,
David