Host names hashing

[Ángel]

On 2022-01-06 at 16:37 +1100, Damien Miller wrote:
> I'd prefer to remove hostname hashing. It's a pointless obscurity
> measure, and the most it can ever offer is protection against casual
> shoulder-surfing disclosure[*]
> 
> I wish I never added it. I consider it the most stupid thing I've
> ever done to OpenSSH :(
> 
> As far as what a concrete migration plan would look like, maybe
> something like:
> 
> 1) Add an ObscureKnownHostnames option that, instead of hashing,
> simply
>    base64-encodes the hostnames. This provides the same level of
>    protection as the current option. Recommend this instead of
>    HashKnownHosts in the manual.
> 
> 2) (later) Add a deprecation warning to HashKnownHosts
> 
> 3) (later still) Remove the HashKnownHosts option (or make it an
> alias
>    to ObscureKnownHostnames)
> 
> 4) (later again) Warn when known_hosts contains a hashed hostname
> 
> 5) (finally) rip out the hostname hashing code entirely.
> 
> -d


You should have an intermediate step where Hashed hosts get converted
to base64-ones when connecting to it. I'm sure someone would complain
("How does it dare «decrypt» it?"), but "losing" the server
fingerprint, thus forcing to either verify the fingerprint from a known
source (probably not available) or allow a MITM would be worse. 


Still, I don't like too much these two options for deprecating
HashKnownHosts.

I would suggest:

- Add ObscureKnownHostnames option with values sha1 / base64 / no
(None?)
- Make HashKnownHosts a deprecated alias for ObscureKnownHostnames
- Make the value "yes" equivalent to "sha1"

- (Later) Change "yes" to mean "base64"


Optionally, the conversion might be implicit in that host in a non-
preferred obscured format get automatically upgraded to the new one.


Regards