On Wed, 5 Apr 2017, Jakub Jelen wrote:

> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension created if I read it right [1]).
> This leaves me confused if the use case without SHA1 was missed from the draft
> or it was left as an implementation detail, that was not implemented in
> OpenSSH.

The reasons we didn't implement disabling RSA/SHA1 were basically:

1) The protocol extension used to negotiate the RSA/SHA2 methods is still
   an early draft and is subject to change
2) Hardly any other implementations support the necessary extension.
3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
   usable with PKCS#11 tokens yet.

IMO users who want a stronger signature hash algorithm should use ed25519
or one of the ECDSA methods for the time being. All of these use SHA2 hashes.

-d

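An added example (not from the thread and not OpenSSH code) of the negotiation that points 1 and 2 in the reply above refer to, written against the extension as later published (RFC 8308 `server-sig-algs`, RFC 8332 `rsa-sha2-256`/`rsa-sha2-512`) rather than the 2017 draft. It shows a client choosing the signature algorithm for an RSA key and, with SHA-1 disabled, having nothing to offer a server that does not send the extension; the sample packet and all function names are constructed for illustration.

```python
import struct

SSH_MSG_EXT_INFO = 7
# Signature algorithms usable with an RSA key, strongest first; "ssh-rsa" is RSA/SHA1.
RSA_SIG_ALGS = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

# Constructed sample payload: one extension, server-sig-algs (hypothetical server).
SAMPLE_EXT_INFO = (bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", 1)
                   + ssh_string(b"server-sig-algs")
                   + ssh_string(b"ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512"))

def read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at off; reject truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off:off + n], off + n

def parse_ext_info(payload: bytes) -> dict:
    """Return {extension-name: raw value} from an SSH_MSG_EXT_INFO payload."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO message")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, exts = 5, {}
    for _ in range(count):
        name, off = read_string(payload, off)
        value, off = read_string(payload, off)
        exts[name.decode("ascii")] = value
    return exts

def pick_rsa_sig_alg(exts: dict, allow_sha1: bool):
    """Pick the signature algorithm for an RSA key, or None if none is acceptable."""
    advertised = exts.get("server-sig-algs")
    if advertised is None:
        # No extension from the peer: only the original RSA/SHA1 method is known to work.
        return "ssh-rsa" if allow_sha1 else None
    offered = set(advertised.decode("ascii").split(","))
    for alg in RSA_SIG_ALGS:
        if alg in offered and (allow_sha1 or alg != "ssh-rsa"):
            return alg
    return None
```
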
On Thu, Apr 6, 2017 at 12:29 AM, Damien Miller <djm at mindrot.org> wrote:

> 3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
> usable with PKCS#11 tokens yet.

Could you please elaborate on what that means? I only use RSA keys
with PKCS11 tokens (OpenSC), and it works with SHA2.

> IMO users who want a stronger signature hash algorithm should use ed25519
> or one of the ECDSA methods for the time being. All of these use SHA2 hashes.

Exactly what I do, when I don't need to use a legacy key on a PKCS11 token...

Thanks,
Nuno

The problem is that (AFAIK) OpenSSH doesn't work with EC tokens. On the other hand, I've been using RSA with SHA-2 successfully with several tokens (mostly PIV).

Regards,
Uri

> On Apr 5, 2017, at 19:00, Nuno Gonçalves <nunojpg at gmail.com> wrote:
>
>> On Thu, Apr 6, 2017 at 12:29 AM, Damien Miller <djm at mindrot.org> wrote:
>> 3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
>> usable with PKCS#11 tokens yet.
>
> Could you please elaborate on what that means? I only use RSA keys
> with PKCS11 tokens (OpenSC), and it works with SHA2.
>
>> IMO users who want a stronger signature hash algorithm should use ed25519
>> or one of the ECDSA methods for the time being. All of these use SHA2 hashes.
>
> Exactly what I do, when I don't need to use a legacy key on a PKCS11 token...
>
> Thanks,
> Nuno

And mouse07410 fork of OpenSC.tokend supports both SHA-2 and ECC.

Regards,
Uri

> On Apr 5, 2017, at 19:00, Nuno Gonçalves <nunojpg at gmail.com> wrote:
>
>> On Thu, Apr 6, 2017 at 12:29 AM, Damien Miller <djm at mindrot.org> wrote:
>> 3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
>> usable with PKCS#11 tokens yet.
>
> Could you please elaborate on what that means? I only use RSA keys
> with PKCS11 tokens (OpenSC), and it works with SHA2.
>
>> IMO users who want a stronger signature hash algorithm should use ed25519
>> or one of the ECDSA methods for the time being. All of these use SHA2 hashes.
>
> Exactly what I do, when I don't need to use a legacy key on a PKCS11 token...
>
> Thanks,
> Nuno