> Please forgive if this is the wrong place...
> As a user of the excellent ssh and sshd I would like to see the next
> version of openssh contain support for the SHA-2 hashes (SHA-256,
> SHA-384, and SHA-512) as the SHA-1 hash is now known to be vulnerable to
> a 2^69 and possibly a 2^63 key-space search. As of version 0.98 openssl
> contained support for these hashes so it would be nice if openssh
> followed suit.
> I posted this request before on comp.security.ssh and was correctly told
> that by default sshd regenerates the key every 60 mins. But consider a
> server using SHA-1, and an attacker who wants the user/password, or a
> file being transferred, and captures the cipher data. While they cannot
> see your session in "real time" they still could capture the data and
> key-search the SHA-1 hash, making it easier to break the key.
> While I'm no crypto-expert, this does _NOT_ seem like a good thing(tm).
> Are there any plans to implement these hashes into openssh?

You are no crypto-expert, but as the SSH protocol uses these things
as HMAC variants, none of the above makes any sense.
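An added example, not from the thread or from OpenSSH itself, of what "used as HMAC variants" means for the SSH transport MAC: the hash is only ever applied with the session's secret integrity key mixed in (RFC 2104), over the sequence number and unencrypted packet (RFC 4253 section 6.4), so recording ciphertext yields no bare SHA-1 digest to attack. The key and packet bytes below are constructed sample values.

```python
import hashlib
import hmac
import struct

# SSH MAC algorithm names and the hash each one wraps.
# "hmac-sha1" is from RFC 4253; "hmac-sha2-256"/"hmac-sha2-512" from RFC 6668.
SSH_MACS = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha2-256": hashlib.sha256,
    "hmac-sha2-512": hashlib.sha512,
}


def hmac_from_scratch(hash_ctor, key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg)).

    The hash never runs over attacker-observable data alone: the secret key
    is prepended (padded to the hash block size) in both invocations.
    """
    block_size = hash_ctor().block_size          # 64 for SHA-1/256, 128 for SHA-512
    if len(key) > block_size:
        key = hash_ctor(key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_ctor(ipad + msg).digest()
    return hash_ctor(opad + inner).digest()


def ssh_packet_mac(mac_name: str, integrity_key: bytes, seq: int, packet: bytes) -> bytes:
    """SSH transport MAC (RFC 4253 s6.4): MAC(key, sequence_number || unencrypted_packet).

    sequence_number is a uint32 that increments per packet; integrity_key is the
    per-direction MAC key derived during key exchange (a constructed value here).
    """
    return hmac_from_scratch(SSH_MACS[mac_name], integrity_key,
                             struct.pack(">I", seq) + packet)


def matches_stdlib(mac_name: str, integrity_key: bytes, seq: int, packet: bytes) -> bool:
    """Cross-check the hand-rolled HMAC against the standard library implementation."""
    expected = hmac.new(integrity_key, struct.pack(">I", seq) + packet,
                        SSH_MACS[mac_name]).digest()
    return hmac.compare_digest(ssh_packet_mac(mac_name, integrity_key, seq, packet), expected)


# Constructed sample values, not captured from a real session.
SAMPLE_KEY = bytes(range(32))
SAMPLE_PACKET = b"\x00\x00\x00\x0c\x05" + b"hello" + b"\x00" * 6   # packet_length, padding_length, payload, padding

if __name__ == "__main__":
    for name in SSH_MACS:
        print(name, ssh_packet_mac(name, SAMPLE_KEY, 3, SAMPLE_PACKET).hex())
```

Changing a single key byte changes every MAC, which is why the hash's collision resistance is not what the SSH MAC relies on.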

openssh-unix-dev mailing list