Mailing List Archive

[Bug 3322] New: Switch SSHFP default digest to SHA256
https://bugzilla.mindrot.org/show_bug.cgi?id=3322

Bug ID: 3322
Summary: Switch SSHFP default digest to SHA256
Product: Portable OpenSSH
Version: 8.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: dbelyavs@redhat.com

OpenSSH uses SHA1 as a default digest for SSHFP records for RSA/DSA
algorithms.

RFC 6594 permits using much more secure SHA256 algorithm with SSHFP
records. SHA256 is already default digest for Ed25519 and ECDSA SSHFP
records.

The straightforward PR:

https://github.com/openssh/openssh-portable/pull/259

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs