Christian Hesse
2015-Aug-05 20:47 UTC
[PATCH 1/1] document all hash algorithms available for key fingerprint display
From: Christian Hesse <mail at eworm.de> Signed-off-by: Christian Hesse <mail at eworm.de> --- ssh_config.5 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 5b0975f..28f7714 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -649,9 +649,13 @@ The default is .It Cm FingerprintHash Specifies the hash algorithm used when displaying key fingerprints. Valid options are: -.Dq md5 +.Dq md5 , +.Dq ripemd160 , +.Dq sha1 , +.Dq sha256 , +.Dq sha384 and -.Dq sha256 . +.Dq sha512 . The default is .Dq sha256 . .It Cm ForwardAgent -- 2.5.0
Jakub Jelen
2015-Aug-06 08:54 UTC
[PATCH 1/1] document all hash algorithms available for key fingerprint display
I filled bug [1] on the same topic yesterday with different approach. I don't think the intention was to provide all hashing algorithms for fingerprints, but to slowly obsolete md5, replacing by sha256. But the final decision and clarification what was the real intention depends again on developers. On 08/05/2015 10:47 PM, Christian Hesse wrote:> From: Christian Hesse <mail at eworm.de> > > Signed-off-by: Christian Hesse <mail at eworm.de> > --- > ssh_config.5 | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/ssh_config.5 b/ssh_config.5 > index 5b0975f..28f7714 100644 > --- a/ssh_config.5 > +++ b/ssh_config.5 > @@ -649,9 +649,13 @@ The default is > .It Cm FingerprintHash > Specifies the hash algorithm used when displaying key fingerprints. > Valid options are: > -.Dq md5 > +.Dq md5 , > +.Dq ripemd160 , > +.Dq sha1 , > +.Dq sha256 , > +.Dq sha384 > and > -.Dq sha256 . > +.Dq sha512 . > The default is > .Dq sha256 . > .It Cm ForwardAgent-- Jakub Jelen Security Technologies Red Hat
Christian Hesse
2015-Aug-06 09:07 UTC
[PATCH 1/1] document all hash algorithms available for key fingerprint display
Jakub Jelen <jjelen at redhat.com> on Thu, 2015/08/06 10:54:> I filled bug [1] on the same topic yesterdayYou missed to add the link. ;)> with different approach. I > don't think the intention was to provide all hashing algorithms for > fingerprints, but to slowly obsolete md5, replacing by sha256.Obsoleting md5 makes sense, but there is nothing wrong with providing sha{1,384,512} for fingerprinting. However documentation should be consistent with code. -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);} -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150806/f3b79135/attachment-0001.bin>