Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Changes
|
Wishlist
Currently, when an RSA key is used for user authentication or as a host key for server authentication, the SHA-1 hash algorithm is involved. These days, SHA-1 is considered weak.
RFC 8332 specifies a way to use the SHA-256 and SHA-512 hashes with RSA keys instead.
This change doesn't invalidate any existing RSA keys; the RSA public key format is unchanged, so there's no need to replace any user keys, and no effect on the host key cache. The new hash algorithms will be used transparently if client and server both support them.
First we have to implement RFC 8308, a change to extension negotiation.
(Pageant has been able to generate such signatures since 0.71 -- see pageant-rsa-sha2 -- but up until now it would only do so in response to a forwarded request from a non-PuTTY SSH client.)