Slackware64-current ChangeLog (2021-09-26)

Sun Sep 26 18:57:07 UTC 2021

  • n/openssh-8.8p1-x86_64-1.txz
    Please note “Potentially-incompatible changes” from the release notes:
    This release disables RSA signatures using the SHA-1 hash algorithm
    by default. This change has been made as the SHA-1 hash algorithm is
    cryptographically broken, and it is possible to create chosen-prefix
    hash collisions for <USD$50K [1]
    For most users, this change should be invisible and there is
    no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
    RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
    will automatically use the stronger algorithm where possible.
    Incompatibility is more likely when connecting to older SSH
    implementations that have not been upgraded or have not closely tracked
    improvements in the SSH protocol. For these cases, it may be necessary
    to selectively re-enable RSA/SHA1 to allow connection and/or user
    authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
    options. For example, the following stanza in ~/.ssh/config will enable
    RSA/SHA1 for host and user authentication for a single destination host:
    Host old-host
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
    implementations can be upgraded or reconfigured with another key type
    (such as ECDSA or Ed25519).
    [1] “SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust” Leurent, G and Peyrin, T
  • news/2021/09/26/slackware64-current-changelog.txt
  • Last modified: 10 months ago
  • by Giuseppe Di Terlizzi