Docs: MD5 is forced for SSH-1 key fingerprints.

2025-01-09 01:18:00 +00:00 · 2022-10-21 11:53:27 +01:00 · 2022-10-21 11:53:27 +01:00 · 5d5a6a8fd3
commit 5d5a6a8fd3
parent d42983088a
2 changed files with 8 additions and 7 deletions
--- a/doc/pageant.but
+++ b/doc/pageant.but
@ -86,10 +86,11 @@ fingerprint shown by remote utilities such as \i\c{ssh-keygen} when
 applied to your \c{authorized_keys} file.

 \lcont{
-By default this is shown in the \q{SHA256} format. You can change to the
-older \q{MD5} format (which looks like \c{aa:bb:cc:...}) with the
-\q{Fingerprint type} drop-down, but bear in mind that this format is
-less secure and should be avoided for comparison purposes where possible.
+For SSH-2 keys, by default this is shown in the \q{SHA256} format. You
+can change to the older \q{MD5} format (which looks like \c{aa:bb:cc:...})
+with the \q{Fingerprint type} drop-down, but bear in mind that this
+format is less secure and should be avoided for comparison purposes
+where possible.

 If some of the keys loaded into Pageant have certificates attached,
 then Pageant will default to showing the fingerprint of the underlying
--- a/doc/pubkey.but
+++ b/doc/pubkey.but
@ -240,9 +240,9 @@ a particular fingerprint. So some utilities, such as the Pageant key
 list box (see \k{pageant-mainwin-keylist}) and the Unix \c{ssh-add}
 utility, will list key fingerprints rather than the whole public key.

-By default, PuTTYgen will display fingerprints in the \q{SHA256}
-format. If you need to see the fingerprint in the older \q{MD5} format
-(which looks like \c{aa:bb:cc:...}), you can choose
+By default, PuTTYgen will display SSH-2 key fingerprints in the
+\q{SHA256} format. If you need to see the fingerprint in the older
+\q{MD5} format (which looks like \c{aa:bb:cc:...}), you can choose
 \q{Show fingerprint as MD5} from the \q{Key} menu, but bear in mind
 that this is less cryptographically secure; it may be feasible for
 an attacker to create a key with the same fingerprint as yours.