openssh-portable

Upgrade ssh_connection_hash from SHA1 to SHA256

Open xnox opened this issue 4 months ago • 3 comments

Upgrade ssh_connection_hash from SHA1 to SHA256. Due to increased length, instead of using hex encoding, use base64url encoding, which for SHA256 is only slightly longer than hex SHA1.

This change enables building and using ssh completely without SHA1.

xnox avatar Sep 07 '25 23:09 xnox

base85(sha256(foo)) should be exactly the size of hex(sha1(foo)), is this an option?

sivizius avatar Nov 25 '25 21:11 sivizius

> base85(sha256(foo)) should be exactly the size of hex(sha1(foo)), is this an option?

From the mailing lists, one of the requirements is that it has to be a URL and file-system safe name; base85 seems to use \ and /, which are not safe on filesystems - things can fail with "no such directory" because of slashes.

xnox avatar Nov 25 '25 23:11 xnox

> From the mailing lists, one of the requirements is that it has to be a URL and file-system safe name

I see, then never mind.

sivizius avatar Nov 26 '25 09:11 sivizius
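
The size and character-set trade-off discussed in this thread, as an added example that is not part of the thread or of the OpenSSH code: it compares the encoded length and output alphabet of each candidate. The sample input is constructed, base64url is assumed to be emitted without `=` padding, and "URL-safe" is taken to mean the RFC 3986 unreserved characters.

```python
import base64
import hashlib
import string

# Constructed sample input; the fields actually hashed are not shown on this page.
SAMPLE = b"localhost|example.org|22|user"

# Assumption: "URL-safe" means the RFC 3986 unreserved set.
URL_SAFE = set(string.ascii_letters + string.digits + "-._~")
PATH_SEPARATORS = set("/\\")

# Full output alphabet of each encoding, independent of any single digest.
ALPHABETS = {
    "hex": set("0123456789abcdef"),
    "base64url": set(string.ascii_letters + string.digits + "-_"),
    # Ascii85: '!' (33) through 'u' (117); the 'z' zero-group shorthand is ignored.
    "ascii85": {chr(c) for c in range(33, 118)},
    # RFC 1924 style alphabet, as used by Python's base64.b85encode.
    "rfc1924": set(string.digits + string.ascii_letters
                   + "!#$%&()*+-;<=>?@^_`{|}~"),
}


def compare(data=SAMPLE):
    """Return length and alphabet-safety facts for each candidate name format."""
    sha1 = hashlib.sha1(data).digest()      # 20 bytes
    sha256 = hashlib.sha256(data).digest()  # 32 bytes
    encoded = {
        "hex(sha1)": ("hex", sha1.hex()),
        "base64url(sha256)": (
            "base64url",
            base64.urlsafe_b64encode(sha256).rstrip(b"=").decode()),
        "ascii85(sha256)": ("ascii85", base64.a85encode(sha256).decode()),
        "rfc1924(sha256)": ("rfc1924", base64.b85encode(sha256).decode()),
    }
    rows = {}
    for label, (enc, text) in encoded.items():
        alpha = ALPHABETS[enc]
        rows[label] = {
            "length": len(text),
            "path_separators": sorted(alpha & PATH_SEPARATORS),
            "not_url_safe": len(alpha - URL_SAFE),
        }
    return rows


if __name__ == "__main__":
    for label, facts in compare().items():
        print(f"{label:20} {facts}")
```

Both base85 alphabets reach 40 characters for SHA256, but Ascii85 can emit path separators and the RFC 1924 style alphabet still contains characters outside the unreserved URL set, while base64url costs three extra characters and stays within it.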