From: kc-openbsd@chadwicks.me.uk
Subject: Re: [PATCH] Upgrade ssh_connection_hash from SHA1 to SHA256
To: tech@openbsd.org
Date: Tue, 2 Sep 2025 01:14:33 +0100

2 Sept 2025 00:51:51 Damien Miller <djm@mindrot.org>:

> IMO, at 64 characters, a hex-encoded SHA256 hash is too long for this.
> It should be truncated and/or a modified b64 encoding use.

Perhaps it doesn't matter but wouldn't b64 lengthen or weaken the hash bits. CMAC would be shorter?