Key fingerprints (not the DNS kind)

shawn wilson ag4ve.us at gmail.com
Mon Nov 10 14:01:19 EST 2014


On Nov 9, 2014 8:42 PM, "Damien Miller" <djm at mindrot.org> wrote:
>
> On Sun, 9 Nov 2014, shawn wilson wrote:
>
> > On Sun, Nov 9, 2014 at 7:11 PM, Damien Miller <djm at mindrot.org> wrote:
> >
> > That's always a good idea, but try not to reinvent the wheel too much
> > here: http://hashcat.net/wiki/doku.php?id=example_hashes
> > There's no m5(sha512(word)) but $foo$fpr or $foo$host$fpr should maybe
> > be used?
>
> I don't think password hashes are a good model for key fingerprints.
> Password hashes are intended for consumption in password databases,
> key fingerprints are intended for rapid and accurate comparison by
> humans.
>

It is to identify a hash. Who cares what the hash is of. I was pointing out
prior design that'd be good to use here.

> BTW I think md5(inner_hash(x)) is a terrible idea :)

I don't see a benefit to doing this but also no harm.


More information about the openssh-unix-dev mailing list