Re: Allow SHA1 deprecation for rsa-sha

On Wed, 5 Apr 2017, Jakub Jelen wrote:

> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension was created if I read it right [1]).
> This leaves me confused if the use case without SHA1 was missed from the draft
> or it was left as an implementation detail, that was not implemented in
> OpenSSH.

The reasons we didn't implement disabling RSA/SHA1 were basically:

1) The protocol extension used to negotiate the RSA/SHA2 methods is still
   an early draft and is subject to change
2) Hardly any other implementations support the necessary extension.
3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
   usable with PKCS#11 tokens yet.

IMO users who want a stronger signature hash algorithm should use ed25519
or one of the ECDSA methods for the time being. All of these use SHA2 hashes.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


