On Mon, 10 Nov 2014, Damien Miller wrote: > I'm not so concerned about how to display the new fingerprints. Say > we choose SHA512/224, which yields a 28 byte hash. Rendering this as > base64 gives us a 38 character string, well shorter than our current > key fingerprints. (e.g. "GIeKHpiBrP7zaEf7Blicgvez5JceCBfSaESlkA") Actually, better still would be embeddeding an algorithm identifier at the start of the hash, i.e. "A:GIeKHpiBrP7zaEf7Blicgvez5JceCBfSaESlkA" in case some time in the distant future we need to rotate away from whatever we choose to replace MD5. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
