Difference between revisions of "SHA-1 (deprecated)"
Jump to navigation
Jump to search
m (Cry moved page SHA-1 to SHA-1 (deprecated)) |
(→Status) |
||
| Line 3: | Line 3: | ||
== Status == | == Status == | ||
* Disabled in [[OpenSSH 8.8]] September 2021 | * Disabled in [[OpenSSH 8.8]] September 2021 | ||
| − | * Not supported in [[Terraform]] since 1.2 (May 2022) | + | * Not supported in [[Terraform changelog|Terraform]] since 1.2 (May 2022) |
== Attacks == | == Attacks == | ||
Latest revision as of 06:21, 31 August 2022
wikipedia:SHA-1 is deprecated
Contents
Status[edit]
- Disabled in OpenSSH 8.8 September 2021
- Not supported in Terraform since 1.2 (May 2022)
Attacks[edit]
Certificates are at special risk to the aforementioned SHA1 collision vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief LoginGraceTime window that they have to forge a host key signature.
Related[edit]
See also[edit]
- SHA, SHA-0, SHA-1, SHA-2, SHA-3, SHA-256,
shasum, sha1sum, sha256sum, sha512sum - OpenSSH (changelog):
/etc/ssh/sshd_config|/etc/ssh/ssh_config|~/.ssh/|openSSL | sshd logs|sftp|scp|authorized_keys|ssh-keygen|ssh-keyscan|ssh-add|ssh-agent|ssh|Ssh -O stop|ssh-copy-id|CheckHostIP|UseKeychain, OpenSSF
Advertising:
