
Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'
2020-05-28 21:03

"It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the 'ssh-rsa' public key signature algorithm by default in a near-future release," said OpenSSH maintainer Damien Miller in the release notes for OpenSSH 8.3, echoing similar comments from the 8.2 release notes back in February.

The OpenSSH team suggest users and administrators move to more secure alternatives: signature algorithms that use SHA-2, or the even older ssh-ed25519 or ECDSA, as proposed in 2009.

Another suggestion is to use the UpdateHostKeys setting in OpenSSH clients, which automatically updates the client's knowledge of the keys identifying the server and the algorithm used, as Miller explained in 2015.

Essentially, if a device or client can support something better than SHA-1 that's also supported by OpenSSH, all will be well; if it's hardwired to SHA-1, action is needed to connect to an OpenSSH server that no longer supports the algorithm.
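One way to check which side of that line a server falls on, as an added example that is not from the article or from OpenSSH itself: the hypothetical function `classify_server_hostkeys` reads `ssh -vv` debug output and reports whether the server offers any host key algorithm other than SHA-1-based `ssh-rsa`. The two samples are constructed and assume the `debug2:` KEXINIT layout shown in them.

```shell
#!/bin/sh
# Constructed samples modelled on `ssh -vv` output (not captured from real hosts).
SAMPLE_MODERN='debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,ssh-rsa
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519'

SAMPLE_LEGACY='debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,ssh-rsa
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa'

# Hypothetical helper: reads debug output on stdin and prints one verdict line.
# Only the server's proposal counts; the client's own list is skipped because
# it always contains modern algorithms and would mask a SHA-1-only server.
classify_server_hostkeys() {
  awk '
    /local client KEXINIT proposal/ { peer = 0 }
    /peer server KEXINIT proposal/  { peer = 1 }
    peer && /host key algorithms: / {
      sub(/^.*host key algorithms: /, "")
      n = split($0, alg, ",")
      for (i = 1; i <= n; i++) {
        # SHA-2 RSA signatures, Ed25519 and ECDSA survive the deprecation.
        if (alg[i] ~ /^(rsa-sha2-(256|512)|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/)
          safe = safe " " alg[i]
        else if (alg[i] == "ssh-rsa")
          sha1 = 1
      }
      seen = 1
      exit   # jump to END after the first server proposal
    }
    END {
      if (!seen)     print "unknown: no server host key proposal found"
      else if (safe) print "ok:" safe
      else if (sha1) print "sha1-only: ssh-rsa is the only recognised host key algorithm"
      else           print "unknown: no recognised host key algorithm offered"
    }
  '
}

printf '%s\n' "$SAMPLE_MODERN" | classify_server_hostkeys
printf '%s\n' "$SAMPLE_LEGACY" | classify_server_hostkeys
```

Against a live host the input would come from something like `ssh -vv host true 2>&1 | classify_server_hostkeys`; a `sha1-only` verdict marks a server that needs an upgrade or a new host key before clients drop `ssh-rsa`.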

Alan Woodward, professor of cybersecurity at the University of Surrey in England, told The Register that "SHA-1 is no longer secure but actually it is still fairly difficult to crack," which is true, but equally the fact that it has been known to be flawed for over a decade and remains in wide use shows how slow the industry is to move.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/28/openssh_deprecating_sha1/