SHA-1 practical recommendations?
Aaron Jones
me at aaronmdjones.net
Thu Mar 11 06:05:46 AEDT 2021
On 10/03/2021 15:55, Daniel Pocock wrote:
> Does the command for checking ssh-rsa distinguish between SHA-1
> (insecure) and SHA-2?
The older ssh-rsa algorithm *only* uses SHA-1. The SHA-2 versions are
rsa-sha2-256 and rsa-sha2-512. If connecting to a server succeeds when
the former is excluded, the server supports SHA-2. If it does not, it
only supports SHA-1.
This also has nothing to do with the MACs setting; HMAC-SHA1 is still
secure (as is HMAC-MD5).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210310/e7de4a34/attachment.asc>
More information about the openssh-unix-dev
mailing list