bugzilla-daemon at mindrot.org
2014-Dec-17 01:24 UTC
[Bug 1872] Support better hash algorithms for key fingerprints (FIPS compat)
https://bugzilla.mindrot.org/show_bug.cgi?id=1872

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                      |Added
----------------------------------------------------------------------------
   Attachment #2007|0                            |1
        is obsolete|                             |
   Attachment #2429|0                            |1
        is obsolete|                             |
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
             Status|NEW                          |ASSIGNED

--- Comment #20 from Damien Miller <djm at mindrot.org> ---
Created attachment 2518
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2518&action=edit
FingerprintHash option

This adds a FingerprintHash option to sshd and ssh, and a -E flag to
ssh-add, ssh-agent and ssh-keygen. Fingerprints are now prefixed with
the hash algorithm used and non-MD5 hashes use base64 encoding rather
than hex. The default fingerprint algorithm is SHA256.

Examples:

> ssh-keygen -vlf /etc/ssh/ssh_host_rsa_key.pub
> 2048 SHA256:rLKEbjpoN2+kuMQB7EiPqaeHut65ZfSe/z1EaWtKEmk /etc/ssh/ssh_host_rsa_key.pub (RSA)
> +---[RSA 2048]----+
> | |
> |. |
> |.o . . |
> |= + . E + |
> |.= . . S . o . |
> |o ...... . . + |
> |o++ =o.. o + |
> |=*+=++. . ... |
> |OO++*. o.... .. |
> +----[SHA256]-----+
>
> ssh-keygen -lE md5 -f /etc/ssh/ssh_host_rsa_key.pub
> 2048 MD5:3e:f9:51:d3:29:10:e7:a2:40:6f:2c:d2:7a:4c:bc:b2 /etc/ssh/ssh_host_rsa_key.pub (RSA)

BTW, I chose "FingerprintHash" rather than "FingerprintType" because we
already have different types of fingerprints: hex, bubblebabble and
randomart.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
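Added example, not part of the original message or the attached patch: a Python sketch that reproduces the two fingerprint formats shown above (algorithm prefix, colon-separated hex for MD5, unpadded base64 for SHA256) and compares a key against a pinned fingerprint using the hash named in its prefix. The function names and the sample key are constructed for illustration; stripping the `=` padding is inferred from the 43-character SHA256 value in the example output.

```python
import base64
import hashlib
import hmac
import struct

def constructed_pubkey_line():
    # Constructed sample: a structurally valid ssh-ed25519 blob with dummy key bytes.
    blob = (struct.pack(">I", 11) + b"ssh-ed25519" +
            struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

def parse_pubkey_line(line):
    """Return (key_type, blob) from a 'type base64 [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match blob")
    return fields[0], blob

def fingerprint(blob, hash_name="sha256"):
    """Format as 'ALG:' + hex pairs for MD5, or unpadded base64 otherwise."""
    digest = hashlib.new(hash_name, blob).digest()
    if hash_name == "md5":
        body = ":".join(f"{b:02x}" for b in digest)
    else:
        body = base64.b64encode(digest).decode().rstrip("=")
    return f"{hash_name.upper()}:{body}"

def same_key(blob, pinned_fp):
    """Check a key blob against a pinned fingerprint, honouring its hash prefix."""
    alg = pinned_fp.split(":", 1)[0].lower()
    if alg not in ("md5", "sha256"):
        raise ValueError("unsupported fingerprint hash")
    return hmac.compare_digest(fingerprint(blob, alg), pinned_fp)

if __name__ == "__main__":
    key_type, blob = parse_pubkey_line(constructed_pubkey_line())
    print(key_type, fingerprint(blob), fingerprint(blob, "md5"))
```

Because the prefix names the hash, a verifier can keep accepting old MD5 pins while new pins are recorded as SHA256, without guessing the algorithm from the string's shape.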