Mailing List Archive

From:: kc-openbsd@chadwicks.me.uk
Subject:: Re: [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
To:: tech@openbsd.org
Date:: Tue, 2 Sep 2025 01:14:33 +0100

Download raw body.

Thread

2025-09-01 22:48 Dimitri John Ledkov:
[PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
- 2025-09-01 23:50 Damien Miller:
  [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
- - 2025-09-02 00:14 kc-openbsd@chadwicks.me.uk:
    [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
  - - 2025-09-02 09:00 Damien Miller:
      [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
  - 2025-09-02 09:24 Job Snijders:
    [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256

2 Sept 2025 00:51:51 Damien Miller <djm@mindrot.org>:

> IMO, at 64 characters, a hex-encoded SHA256 hash is too long for this.
> It should be truncated and/or a modified b64 encoding use.

Perhaps it doesn't matter but wouldn't b64 lengthen or weaken the hash bits. CMAC would be shorter?

2025-09-01 22:48 Dimitri John Ledkov:
[PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
- 2025-09-01 23:50 Damien Miller:
  [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
- - 2025-09-02 00:14 kc-openbsd@chadwicks.me.uk:
    [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
  - - 2025-09-02 09:00 Damien Miller:
      [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
  - 2025-09-02 09:24 Job Snijders:
    [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256