On Fri, 14 Oct 2005, Stephen J. Smoogen wrote:
> On 10/14/05, David wrote:
>> Please forgive if this is the wrong place...
>> As a user of the excellent ssh and sshd I would like to see the next
>> version of openssh contain support for the SHA-2 hashes (SHA-256,
>> SHA-384, and SHA-512) as the SHA-1 hash is now known to be vulnerable to
>> a 2^69 and possibly a 2^63 key-space search. As of version 0.98 openssl
>> contained support for these hashes so it would be nice if openssh
>> followed suit.
> There are several questions that would need to be answered:
> 1) Does the SSH spec allow for any algorithms other than SHA1? If it
> doesn't then the first place to work it through would be the IETF. [I
> do not know the answer myself..]
For the per-packet MAC, only HMAC-SHA1 and HMAC-MD5 are supported. In
reality, even these are overkill (in terms of MAC length).
Wang, Yin and Yu's results on SHA1 don't matter for its use in HMAC
> 2) How long do you want your message to be secure? If you say
> forever... then you are best off not saying anything. If you say 100
> years.. it would probably be best not to say anything. If you are
> looking for 10 years then does the search space time for 2^60 or more
> fit into that time frame. (Searching 2^30 (approx 1 billion keys) a
> second it would take 34 years to search for this. This doesn't take into
> account parallelization or other items).
Finding a hash collision doesn't render your encrypted messages
openssh-unix-dev mailing list
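
The per-packet MAC mentioned in the reply above, as an added example that is not part of the original thread or of OpenSSH's code: it computes the SSH transport MAC as RFC 4253 section 6.4 defines it (a keyed HMAC over the sequence number and the unencrypted packet), including the truncated `-96` variants. The key, payload and sequence numbers are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# MAC names from RFC 4253 section 6.4 -> (hash name, tag length in bytes)
MAC_ALGS = {
    "hmac-sha1": ("sha1", 20),
    "hmac-sha1-96": ("sha1", 12),
    "hmac-md5": ("md5", 16),
    "hmac-md5-96": ("md5", 12),
}

def build_packet(payload: bytes, block: int = 8) -> bytes:
    """packet_length || padding_length || payload || padding (RFC 4253 section 6)."""
    pad = block - (5 + len(payload)) % block
    if pad < 4:  # the RFC requires at least four bytes of padding
        pad += block
    # Real implementations use random padding; zeros keep the example deterministic.
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad

def packet_mac(alg: str, key: bytes, seqno: int, packet: bytes) -> bytes:
    """mac = MAC(key, sequence_number || unencrypted_packet), truncated per alg."""
    hash_name, tag_len = MAC_ALGS[alg]
    data = struct.pack(">I", seqno & 0xFFFFFFFF) + packet
    return hmac.new(key, data, hash_name).digest()[:tag_len]

def verify_packet(alg: str, key: bytes, seqno: int, packet: bytes, tag: bytes) -> bool:
    """Receiver side: recompute with the negotiated algorithm, compare in constant time."""
    return hmac.compare_digest(packet_mac(alg, key, seqno, packet), tag)

# Constructed sample values, not taken from any real session.
KEY = bytes(range(20))
PACKET = build_packet(b"\x5e" + b"constructed channel data")

if __name__ == "__main__":
    tampered = PACKET[:-1] + b"\x01"  # flip one padding byte
    for alg in MAC_ALGS:
        tag = packet_mac(alg, KEY, 7, PACKET)
        print(alg, len(tag) * 8, "bits",
              "valid:", verify_packet(alg, KEY, 7, PACKET, tag),
              "tampered accepted:", verify_packet(alg, KEY, 7, tampered, tag),
              "wrong seqno accepted:", verify_packet(alg, KEY, 8, PACKET, tag))
```

Because the tag depends on a secret key and on the implicit sequence number, a modified packet or one replayed at a different position fails verification without the receiver ever comparing bare hash values.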