> Default to SHA256 for key fingerprints.

Typically changes should go upstream first, and it doesn't seem this was
patched upstream yet or even an issue opened? And not patched in Debian
yet either?

> MD5 is long deprecated, OpenSSH has switched to SHA256.

Is this accurate even for key fingerprints used only in log messages? I
didn't think that the hash function really mattered from a security
perspective if used only for key fingerprints (this is a hash of the
*public* key, right?), and MD5 fingerprints seem fairly common still?
Shouldn't this change at least be proposed upstream before making this
change in Ubuntu? Making this change only for FIPS would be one thing,
but unilaterally changing this for all users might not be appropriate?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964486

Title:
  crash when in FIPS mode
