Allow SHA1 deprecation for rsa-sha
Damien Miller
djm at mindrot.org
Thu Apr 6 08:29:10 AEST 2017
On Wed, 5 Apr 2017, Jakub Jelen wrote:
> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension was created, if I read it right [1]).
> This leaves me confused if the use case without SHA1 was missed from the draft
> or it was left as an implementation detail, that was not implemented in
> OpenSSH.
The reasons we didn't implement disabling RSA/SHA1 were basically:
1) The protocol extension used to negotiate the RSA/SHA2 methods is still
an early draft and is subject to change
2) Hardly any other implementations support the necessary extension.
3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
usable with PKCS#11 tokens yet.
IMO users who want a stronger signature hash algorithm should use ed25519
or one of the ECDSA methods for the time being. All of these use SHA2 hashes.
-d
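As an added illustration of the advice above (not part of the original thread, and not OpenSSH project code), the shell script below builds an ssh_config fragment that keeps only key algorithms whose signatures use a SHA-2 hash: ssh-rsa and ssh-dss (both SHA-1) and their certificate variants are dropped, while ssh-ed25519, the ecdsa-sha2-* methods and the rsa-sha2-* methods stay. The algorithm list is a constructed sample standing in for the output of `ssh -Q key` on a 7.x client; on a real host you would feed the actual command output into the same filter. The option names HostKeyAlgorithms and PubkeyAcceptedKeyTypes are the ssh_config names of that era; the function names are my own.

```shell
#!/bin/sh
# Constructed sample of `ssh -Q key` output (assumption: an OpenSSH 7.x client).
SAMPLE_KEY_ALGS="ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
rsa-sha2-256
rsa-sha2-512"

# Drop the SHA-1 based signature algorithms (ssh-rsa, ssh-dss) and their
# -cert-v01 variants; everything that remains signs with a SHA-2 hash.
sha2_only() {
    printf '%s\n' "$1" | grep -v -E '^(ssh-rsa|ssh-dss)(-cert-v01@openssh\.com)?$'
}

# Turn a newline-separated list into the comma-separated form ssh_config expects.
to_list() {
    printf '%s\n' "$1" | paste -sd, -
}

# Emit a client-side fragment restricting both host-key and user-key
# algorithms to the SHA-2 set. Caveat from the thread: peers that lack the
# rsa-sha2-* extension can then no longer authenticate with RSA keys at all,
# so ed25519 or ECDSA keys are the practical choice for those hosts.
emit_ssh_config() {
    algs=$(to_list "$(sha2_only "$SAMPLE_KEY_ALGS")")
    printf 'Host *\n    HostKeyAlgorithms %s\n    PubkeyAcceptedKeyTypes %s\n' "$algs" "$algs"
}

emit_ssh_config
```

Run it and paste the printed fragment into ~/.ssh/config; the same comma-separated list can be given to sshd_config's HostKeyAlgorithms and PubkeyAcceptedKeyTypes on the server side to refuse SHA-1 signatures there as well.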