On Sun, Jun 14, 2015 at 11:11:36PM +0000, brian m. carlson wrote:
> ssh-keygen and ssh itself are using MD5 for fingerprints:
> 
>   vauxhall ok % ssh-keygen -l -f ~/.ssh/id_rsa.pub
>   2048 9d:24:66:6e:37:8c:48:0f:28:1e:ba:36:b7:e3:47:e4 /home/bmc/.ssh/id_rsa.pub (RSA)
>   vauxhall ok % awk '{print $2}' ~/.ssh/id_rsa.pub| base64 -d | md5sum
>   9d24666e378c480f281eba36b7e347e4  -
> 
> MD5 is not suitable for any application requiring collision resistance,
> such as a key fingerprint.  Please switch to one of the SHA-2 values
> instead,

I hope it's clear that it would be a terrible idea to do this entirely
independently in Debian.

> or upgrade to OpenSSH 6.8, which fixes this problem.

I'm working on this.  The GSSAPI key exchange patch requires significant
work to handle the large internal refactoring that took place in 6.8, so
it's not entirely a quick process, I'm afraid, but it's pretty much at
the top of my Debian list.

-- 
Colin Watson                                       [cjwat...@debian.org]
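
Added example, not part of the original messages: the md5sum pipeline quoted above, generalised to give both the legacy MD5 fingerprint and the SHA-256 fingerprint in the form printed by OpenSSH 6.8 and later. The function names and the sample key (dummy bytes, not a real key) are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_string(buf, offset):
    """Read one RFC 4251 length-prefixed string; return (value, next_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[offset + 4:end], end

def fingerprints(pubkey_line):
    """Return (md5_fp, sha256_fp) for one line of an OpenSSH .pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own key-type string; it must agree with the
    # type written in front of it, otherwise the line has been altered.
    inner_type, _ = read_string(blob, 0)
    if inner_type != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match the line")
    # Legacy form: MD5 of the decoded blob, colon-separated hex pairs.
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    # Newer form: SHA-256 of the same blob, base64 without '=' padding.
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return md5_fp, "SHA256:" + sha.rstrip("=")

def constructed_sample_line():
    """Constructed test key: a well-formed ssh-ed25519 blob with dummy bytes."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return ("ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
            + " constructed@example")

if __name__ == "__main__":
    for fp in fingerprints(constructed_sample_line()):
        print(fp)
```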

