Difference between revisions of "SHA-1 (deprecated)"
Jump to navigation
Jump to search
m (Cry moved page SHA-1 to SHA-1 (deprecated)) |
(→Status) |
||
Line 3: | Line 3: | ||
== Status == | == Status == | ||
* Disabled in [[OpenSSH 8.8]] September 2021 | * Disabled in [[OpenSSH 8.8]] September 2021 | ||
− | * Not supported in [[Terraform]] since 1.2 (May 2022) | + | * Not supported in [[Terraform changelog|Terraform]] since 1.2 (May 2022) |
== Attacks == | == Attacks == |
Latest revision as of 06:21, 31 August 2022
wikipedia:SHA-1 is deprecated
Contents
Status[edit]
- Disabled in OpenSSH 8.8 September 2021
- Not supported in Terraform since 1.2 (May 2022)
Attacks[edit]
Certificates are at special risk to the aforementioned SHA1 collision vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief LoginGraceTime window that they have to forge a host key signature.
Related[edit]
See also[edit]
- SHA, SHA-0, SHA-1, SHA-2, SHA-3, SHA-256,
shasum, sha1sum, sha256sum, sha512sum
- OpenSSH (changelog):
/etc/ssh/sshd_config
|/etc/ssh/ssh_config
|~/.ssh/
|openSSL | sshd logs
|sftp
|scp
|authorized_keys
|ssh-keygen
|ssh-keyscan
|ssh-add
|ssh-agent
|ssh
|Ssh -O stop
|ssh-copy-id
|CheckHostIP
|UseKeychain
, OpenSSF
Advertising: