[Bug 3375] New: SHA1 is used as a proof of possession for the RSA key

bugzilla-daemon Thu, 16 Dec 2021 01:56:40 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=3375


            Bug ID: 3375
           Summary: SHA1 is used as a proof of possession for the RSA key
           Product: Portable OpenSSH
           Version: 8.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: [email protected]
          Reporter: [email protected]

If we need to get a proof of ownership for a RSA key on establishing a
connection, the SHA1 algorithm is used by default (see the ssh_rsa_sign
function). Not sure that it is the best possible option now. 

As it is possible to explicitly request the hash, it's worth analyze
the client's capabilities and use SHA2 for this purpose.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3375] New: SHA1 is used as a proof of possession for the RSA key

Reply via email to