On Wed, 5 Apr 2017, Jakub Jelen wrote:

> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension was created if I read it right [1]).
> This leaves me confused if the use case without SHA1 was missed from the draft
> or it was left as an implementation detail, that was not implemented in
> OpenSSH.

The reasons we didn't implement disabling RSA/SHA1 were basically:

1) The protocol extension used to negotiate the RSA/SHA2 methods is
   still an early draft and is subject to change

2) Hardly any other implementations support the necessary extension.

3) Support for RSA/SHA2 signatures is still incomplete, e.g. they
   aren't usable with PKCS#11 tokens yet.

IMO users who want a stronger signature hash algorithm should use
ed25519 or one of the ECDSA methods for the time being. All of these
use SHA2 hashes.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev