On Wednesday, March 30, 2005 12:49:52 PM -0700 Joseph Galbraith <galb-list%vandyke.com@localhost> wrote:
I kind of hate to do this, but... In light of recent SHA1 weaknesses, which, if I understand correctly, may not really affect SSH, but are still worrisome, should we be looking at introducing a document for using SHA256? Or are the vulnerabilities too remote, and so much not an issue for our SSH usage, that we don't need to do anything in response?
I would encourage anyone pondering this question to read

- The saag proceedings from IETF62, particularly Eric Rescorla's talk.
- draft-hoffman-hash-attacks-00.txt
- The current discussion on this topic on the saag mailing list.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA