[Bug 3322] New: Switch SSHFP default digest to SHA256
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Jun 19 02:12:18 AEST 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3322
Bug ID: 3322
Summary: Switch SSHFP default digest to SHA256
Product: Portable OpenSSH
Version: 8.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: dbelyavs at redhat.com
OpenSSH uses SHA1 as a default digest for SSHFP records for RSA/DSA
algorithms.
RFC 6594 permits using much more secure SHA256 algorithm with SSHFP
records. SHA256 is already default digest for Ed25519 and ECDSA SSHFP
records.
The straightforward PR:
https://github.com/openssh/openssh-portable/pull/259
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list