Re: Host names hashing

On 2022-01-06 at 16:37 +1100, Damien Miller wrote:
> I'd prefer to remove hostname hashing. It's a pointless obscurity
> measure, and the most it can ever offer is protection against casual
> shoulder-surfing disclosure[*]
> 
> I wish I never added it. I consider it the most stupid thing I've
> ever done to OpenSSH :(
> 
> As far as what a concrete migration plan would look like, maybe
> something like:
> 
> 1) Add an ObscureKnownHostnames option that, instead of hashing, simply
>    base64-encodes the hostnames. This provides the same level of
>    protection as the current option. Recommend this instead of
>    HashKnownHosts in the manual.
> 
> 2) (later) Add a deprecation warning to HashKnownHosts
> 
> 3) (later still) Remove the HashKnownHosts option (or make it an alias
>    to ObscureKnownHostnames)
> 
> 4) (later again) Warn when known_hosts contains a hashed hostname
> 
> 5) (finally) rip out the hostname hashing code entirely.
> 
> -d


You should have an intermediate step where hashed hosts get converted
to base64 ones when connecting to them. I'm sure someone would complain
("How does it dare «decrypt» it?"), but "losing" the server
fingerprint, thus forcing one to either verify the fingerprint from a known
source (probably not available) or allow a MITM, would be worse.


Still, I don't like these two options for deprecating HashKnownHosts
too much.

I would suggest:

- Add an ObscureKnownHostnames option with values sha1 / base64 / no (None?)
- Make HashKnownHosts a deprecated alias for ObscureKnownHostnames
- Make the value "yes" equivalent to "sha1"

- (Later) Change "yes" to mean "base64"


Optionally, the conversion might be implicit, in that hosts in a
non-preferred obscured format get automatically upgraded to the new one.


Regards
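Added example (editor's illustration, not OpenSSH code and not part of the
thread): it builds and matches known_hosts entries in the existing
HashKnownHosts format (`|1|base64(salt)|base64(HMAC-SHA1(salt, host))|`) and
performs the connect-time upgrade proposed above, rewriting a matched hashed
entry into a reversible base64 form. The `|b64|...|` marker is an assumption
made here, since no syntax for ObscureKnownHostnames exists; the key blob in
the sample line is a constructed placeholder. The point the code makes
concrete is why the conversion can only happen when connecting: a hashed
name can be tested against a candidate, never recovered.

```python
"""Editor's added example: HashKnownHosts matching and a hypothetical
connect-time upgrade to a base64-obscured hostname. Not OpenSSH code."""
import base64
import hashlib
import hmac
import os
from typing import Optional

HASH_MAGIC = "|1|"   # prefix OpenSSH writes for hashed hostnames
B64_MAGIC = "|b64|"  # ASSUMPTION: invented marker for the proposed base64 form
SALT_LEN = hashlib.sha1().digest_size  # 20 bytes, same as the HMAC-SHA1 output


def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))|

    A non-default port is part of the name, e.g. "[host]:2222"."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return (f"{HASH_MAGIC}{base64.b64encode(salt).decode()}|"
            f"{base64.b64encode(mac).decode()}|")


def hashed_matches(field: str, hostname: str) -> bool:
    """True if a |1|salt|hash| field was produced from hostname.

    The name cannot be extracted from the field; only a candidate can be
    tested, so a client learns it only when it connects to that host."""
    if not field.startswith(HASH_MAGIC):
        return False
    parts = field[len(HASH_MAGIC):].split("|")
    if len(parts) != 3 or parts[2] != "":
        return False
    try:
        salt = base64.b64decode(parts[0], validate=True)
        expected = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False
    actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, actual)


def obscure_hostname(hostname: str) -> str:
    """Hypothetical base64 form: reversible, so it only stops a casual glance."""
    return f"{B64_MAGIC}{base64.b64encode(hostname.encode()).decode()}|"


def reveal_hostname(field: str) -> Optional[str]:
    """Inverse of obscure_hostname(); None for anything else (hashes included)."""
    if not field.startswith(B64_MAGIC) or not field.endswith("|"):
        return None
    try:
        return base64.b64decode(field[len(B64_MAGIC):-1], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def upgrade_entry(line: str, connected_host: str) -> str:
    """Rewrite one known_hosts line after a successful connection.

    A hashed entry matching the host just connected to is rewritten in the
    base64 form; comments, @markers on other lines, plaintext names and
    non-matching hashes come back unchanged, because nothing can be done
    with a hash whose input is unknown."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return line
    marker = ""
    parts = stripped.split(None, 1)
    if parts[0].startswith("@"):  # e.g. @cert-authority, @revoked
        marker = parts[0] + " "
        parts = parts[1].split(None, 1) if len(parts) > 1 else []
    if len(parts) < 2:
        return line
    names, keypart = parts
    if hashed_matches(names, connected_host):
        return f"{marker}{obscure_hostname(connected_host)} {keypart}"
    return line


if __name__ == "__main__":
    # Constructed sample entry; the key blob is a placeholder, not a real key.
    salt = bytes(range(SALT_LEN))
    line = hash_hostname("git.example.org", salt) + " ssh-ed25519 AAAAconstructed"
    print(line)
    print(upgrade_entry(line, "git.example.org"))
    print(upgrade_entry(line, "other.example.org") == line)
```

The upgrade is only possible on the connection that succeeds against the
hashed entry; for an entry whose host is never contacted again, the hash
stays a hash, which is the "lost fingerprint" worry the reply raises.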


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev