Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
PuTTY currently only supports one format for displaying SSH public key fingerprints (used when verifying host keys); this is the traditional set of hex octets calculated with the MD5 hash function specified by section 4 of RFC 4716 (for instance ssh-rsa 1024 7b:e5:6f:a7:f4:f9:81:62:5c:e3:1f:bf:8b:57:6c:5a).
New versions of OpenSSH (from 6.8) default to displaying a different, base64-format fingerprint for certain keys, with current versions calculated using the SHA-256 hash (for instance SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE).
Since modern OpenSSH takes some persuasion to display fingerprints in the old format, and we should be moving away from the weak MD5 hash anyway, PuTTY should support displaying fingerprints in this new format, as well as continuing to display the old format for backward compatibility.
We'd have to work out a UI for this. The obvious option is to display the fingerprint in all known formats in the host-key verification dialog; this will make the dialog even more intimidating, and could get unwieldy if we ever have more than two. A more complicated option would be to have a dropdown or buttons or something on the host-key dialog to let the user choose among the available formats; this probably implies a global setting to set the default (and PuTTY isn't currently very good at global settings).
(Should you need to get an MD5 fingerprint out of modern OpenSSH in the meantime, you need to run a command like
ssh-keygen -E md5 -l -f /etc/ssh/ssh_host_ed25519_key.pubon the relevant server.)
Some places where key fingerprints are currently used, so that extra UI complexity would need to be designed and implemented:
-O fingerprint
and its
synonym -l
use the current default fingerprint style, and
then add extra explicit modes like -O fingerprint-md5-hex
or -O fingerprint-sha256-base64
. [We added
-E md5
instead.]
pageant -l
on Unix.
A command-line option is the obvious way to select these.
[We added --fptype
.]
sha256:
and md5:
prefixes.]
SHA256:
prefix; you can
optionally specify MD5:
too.]
We have been dragging our feet about this, as the new OpenSSH scheme has some disadvantages, principally that it is harder to compare by hand and read out over the phone, as it makes no concession to the possibility of confusing homographs (letter-l versus number-1, O-vs-0 etc).
We did half-work-out an alternative scheme based on the the Uniform Data Fingerprint (UDF) scheme described in draft-hallambaker-udf. That scheme has been designed for readability while remaining relatively compact, to minimise the risk of ambiguity, and to allow easy migration to new hash algorithms (the first character encodes the algorithm); it would give fingerprints of the form MBQPX-76TZY-NXTKU-WJZIM-LH4T2-IYQU6. Our effort got as far as a half-written spec and some minimal proof-of-concept code, both unpublished. (However, the opportune moment to push this as a replacement for OpenSSH's scheme has clearly passed.)
2021-03-14: multiple formats are now supported, and the
OpenSSH-style SHA256 fingerprint (SHA-256 of the standard public key
blob, base64-encoded, with trailing =
stripped) is now
the default.