ssh: case insensitive fingerprint validation

Thorsten Glaser t.glaser at tarent.de
Wed Sep 9 07:29:56 AEST 2020


On Tue, 8 Sep 2020, Patrik Lundin wrote:

> I'm just curious if this was a deliberate decision or if it would make
> sense to actually care about the case since the base64 encoded sha256
> fingerprints contains a mix of upper and lower case characters.

Probably a leftover from the MD5 fingerprints, which are hex.
I guess the code should check which kind of fingerprint it is
first then compare based on that.

bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!


More information about the openssh-unix-dev mailing list