Processing commands for cont...@bugs.debian.org:
> severity 788783 normal
Bug #788783 [openssh-client] openssh-client: uses MD5 for key fingerprints
Severity set to 'normal' from 'grave'
> kthxbye
Stopping processing here.
Please contact me if you need assistance.
--
788783: http://bugs.debian.o
severity 788783 normal
kthxbye
On Wed, Jun 17, 2015 at 12:01:09PM +0100, Mark Wooding wrote:
> The best technique I can think of uses Kelsey and Schneier's expandable
> messages, which uses collisions in the underlying compression function
> to obtain a second preimage for the hash of a /very long
"brian m. carlson" writes:
> > The remaining possibility is that the adversary has managed to come up
> > with a new public key (and matching private key) with the same
> > fingerprint as the target key, which was generated by an honest party.
> > But that's finding a second preimage, and it's /w
On Tue, Jun 16, 2015 at 11:13:58AM +0100, Mark Wooding wrote:
> The remaining possibility is that the adversary has managed to come up
> with a new public key (and matching private key) with the same
> fingerprint as the target key, which was generated by an honest party.
> But that's finding a sec
"brian m. carlson" writes:
> MD5 is not suitable for any application requiring collision resistance,
> such as a key fingerprint. Please switch to one of the SHA-2 values
> instead, or upgrade to OpenSSH 6.8, which fixes this problem.
Fortunately, your premise is incorrect. Key fingerprints do
On Sun, Jun 14, 2015 at 11:11:36PM +, brian m. carlson wrote:
> ssh-keygen and ssh itself are using MD5 for fingerprints:
>
> vauxhall ok % ssh-keygen -l -f ~/.ssh/id_rsa.pub
> 2048 9d:24:66:6e:37:8c:48:0f:28:1e:ba:36:b7:e3:47:e4
> /home/bmc/.ssh/id_rsa.pub (RSA)
> vauxhall ok % awk '{p
Package: openssh-client
Version: 1:6.7p1-6
Severity: grave
Tags: security
ssh-keygen and ssh itself are using MD5 for fingerprints:
vauxhall ok % ssh-keygen -l -f ~/.ssh/id_rsa.pub
2048 9d:24:66:6e:37:8c:48:0f:28:1e:ba:36:b7:e3:47:e4
/home/bmc/.ssh/id_rsa.pub (RSA)
vauxhall ok % awk '{prin
7 matches
Mail list logo
