Openssh hash request
Damien Miller
djm at mindrot.org
Mon Oct 17 09:36:08 EST 2005
On Fri, 14 Oct 2005, Stephen J. Smoogen wrote:
> On 10/14/05, David <shadoweyez at gmail.com> wrote:
>> Please forgive if this is the wrong place...
>>
>> As a user of the excellent ssh and sshd I would like to see the next
>> version of openssh contain support for the SHA-2 hashes (SHA-256,
>> SHA-384, and SHA-512) as the SHA-1 hash is now known to be vulnerable to
>> a 2^69 and possibly a 2^63 key-space search. As of version 0.98 openssl
>> contained support for these hashes so it would be nice if openssh
>> followed suit.
>
> There are several questions that would need to be answered:
>
> 1) Does the SSH spec allow for any algorithms other than SHA1? If it
> doesn't then the first place to work it through would be the IETF. [I
> do not know the answer myself..]
For the per-packet MAC, only HMAC-SHA1 and HMAC-MD5 are supported. In
reality, even these are overkill (in terms of MAC length).
Wang, Yin and Yu's results on SHA1 don't matter for its use in HMAC
anyway.
> 2) How long do you want your message to be secure? If you say
> forever... then you are best off not saying anything. If you say 100
> years.. it would probably be best not to say anything. If you are
> looking for 10 years then does the search space time for 2^60 or more
> fit into that time frame. (Searching 2^30 (approx 1 billion keys) a
> second it would take 34 years to search for this. This doesn't take into
> account parallelization or other items).
Finding a hash collision doesn't render your encrypted messages
vulnerable.
-d
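As an added illustration of the per-packet MAC Damien refers to (this is example code written for this archive page, not OpenSSH's own implementation and not part of the original thread): RFC 4253 section 6.4 defines the SSH transport integrity tag as MAC(key, sequence_number || unencrypted_packet), where the 32-bit sequence number is counted per direction and the MAC is HMAC-SHA1 (20-byte tag, or 12 bytes for hmac-sha1-96) or HMAC-MD5 (16 bytes, or 12 for hmac-md5-96). The integrity key, sequence number and payload below are constructed placeholder values, and the zero padding stands in for the random padding a real implementation would use. The point the example makes concrete is that the tag is keyed and bound to the sequence number: without the key, a hash collision on the underlying function gives an attacker no way to produce a valid tag for a modified or replayed packet, which is why the 2005 SHA-1 collision results did not affect this use of SHA-1.

```python
import hashlib
import hmac
import struct

# Constructed sample session material for this example only (not real keys).
INTEGRITY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
SAMPLE_SEQNO = 7
SAMPLE_PAYLOAD = b"\x05\x00\x00\x00\x0cssh-userauth"  # SSH_MSG_SERVICE_REQUEST "ssh-userauth"

# Tag lengths of the MAC algorithm names in RFC 4253 section 6.4.
MAC_ALGORITHMS = {
    "hmac-sha1": ("sha1", 20),
    "hmac-sha1-96": ("sha1", 12),
    "hmac-md5": ("md5", 16),
    "hmac-md5-96": ("md5", 12),
}


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Build the unencrypted binary packet of RFC 4253 section 6:
    uint32 packet_length || byte padding_length || payload || padding.
    The whole thing must be a multiple of block_size (8 or the cipher block
    size, whichever is larger) and carry at least 4 bytes of padding."""
    pad_len = block_size - ((5 + len(payload)) % block_size)
    if pad_len < 4:
        pad_len += block_size
    packet_length = 1 + len(payload) + pad_len
    # Real implementations use random padding; zeros keep the example deterministic.
    return struct.pack(">IB", packet_length, pad_len) + payload + b"\x00" * pad_len


def ssh_packet_mac(key: bytes, seqno: int, packet: bytes, algorithm: str = "hmac-sha1") -> bytes:
    """mac = MAC(key, sequence_number || unencrypted_packet), truncated for the -96 variants."""
    digest_name, tag_len = MAC_ALGORITHMS[algorithm]
    mac_input = struct.pack(">I", seqno & 0xFFFFFFFF) + packet
    return hmac.new(key, mac_input, getattr(hashlib, digest_name)).digest()[:tag_len]


def verify_packet_mac(key: bytes, seqno: int, packet: bytes, tag: bytes, algorithm: str = "hmac-sha1") -> bool:
    """Receiver-side check using a constant-time comparison."""
    expected = ssh_packet_mac(key, seqno, packet, algorithm)
    return hmac.compare_digest(expected, tag)


def tamper_and_replay_results(key: bytes = INTEGRITY_KEY, seqno: int = SAMPLE_SEQNO,
                              payload: bytes = SAMPLE_PAYLOAD) -> dict:
    """Exercise the three cases a receiver relies on the MAC to catch."""
    packet = build_packet(payload)
    tag = ssh_packet_mac(key, seqno, packet)

    # One flipped bit in the payload changes the tag: modification detected.
    flipped = bytearray(packet)
    flipped[5] ^= 0x01
    modified_ok = verify_packet_mac(key, seqno, bytes(flipped), tag)

    # Same packet and tag presented under the next sequence number: replay detected.
    replay_ok = verify_packet_mac(key, seqno + 1, packet, tag)

    # Knowing the data but not the key does not yield a tag: a guess with the wrong key fails.
    forged_tag = ssh_packet_mac(b"\x00" * len(key), seqno, packet)
    forged_ok = verify_packet_mac(key, seqno, packet, forged_tag)

    return {
        "genuine": verify_packet_mac(key, seqno, packet, tag),
        "modified": modified_ok,
        "replayed": replay_ok,
        "forged_without_key": forged_ok,
        "tag_len": len(tag),
    }


if __name__ == "__main__":
    for name in MAC_ALGORITHMS:
        pkt = build_packet(SAMPLE_PAYLOAD)
        print(name, ssh_packet_mac(INTEGRITY_KEY, SAMPLE_SEQNO, pkt, name).hex())
    print(tamper_and_replay_results())
```

The sequence number is never transmitted; both ends keep their own count per direction, so a packet captured and resent later is rejected even though its bytes and tag are untouched. That binding, plus the secret key, is what the MAC provides and what a collision in the bare hash function does not touch.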