From 5d5a6a8fd3900cd078d030a15ea96c4969def524 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Fri, 21 Oct 2022 11:53:27 +0100 Subject: [PATCH] Docs: MD5 is forced for SSH-1 key fingerprints. --- doc/pageant.but | 9 +++++---- doc/pubkey.but | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/doc/pageant.but b/doc/pageant.but index 206811f5..99a8145a 100644 --- a/doc/pageant.but +++ b/doc/pageant.but @@ -86,10 +86,11 @@ fingerprint shown by remote utilities such as \i\c{ssh-keygen} when applied to your \c{authorized_keys} file. \lcont{ -By default this is shown in the \q{SHA256} format. You can change to the -older \q{MD5} format (which looks like \c{aa:bb:cc:...}) with the -\q{Fingerprint type} drop-down, but bear in mind that this format is -less secure and should be avoided for comparison purposes where possible. +For SSH-2 keys, by default this is shown in the \q{SHA256} format. You +can change to the older \q{MD5} format (which looks like \c{aa:bb:cc:...}) +with the \q{Fingerprint type} drop-down, but bear in mind that this +format is less secure and should be avoided for comparison purposes +where possible. If some of the keys loaded into Pageant have certificates attached, then Pageant will default to showing the fingerprint of the underlying diff --git a/doc/pubkey.but b/doc/pubkey.but index b97f43de..f696c0db 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but 
@@ -240,9 +240,9 @@ a particular fingerprint. So some utilities, such as the Pageant key list box (see \k{pageant-mainwin-keylist}) and the Unix \c{ssh-add} utility, will list key fingerprints rather than the whole public key. -By default, PuTTYgen will display fingerprints in the \q{SHA256} -format. If you need to see the fingerprint in the older \q{MD5} format -(which looks like \c{aa:bb:cc:...}), you can choose +By default, PuTTYgen will display SSH-2 key fingerprints in the +\q{SHA256} format. If you need to see the fingerprint in the older +\q{MD5} format (which looks like \c{aa:bb:cc:...}), you can choose \q{Show fingerprint as MD5} from the \q{Key} menu, but bear in mind that this is less cryptographically secure; it may be feasible for an attacker to create a key with the same fingerprint as yours.
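
Review bot: In the doc/pageant.but hunk, the added qualifier "For SSH-2 keys, by default this is shown in the \q{SHA256} format" leaves the SSH-1 case unstated, although the commit subject says MD5 is forced for SSH-1 key fingerprints. A reader with an SSH-1 key loaded cannot tell from this paragraph which format the list will show, or whether the \q{Fingerprint type} drop-down affects that key at all. Suggest adding one explicit sentence inside the \lcont block saying that SSH-1 key fingerprints are always shown in the \q{MD5} format, and stating how the drop-down behaves for them.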
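
Review bot: In the doc/pubkey.but hunk, narrowing the first sentence to "SSH-2 key fingerprints" makes the caveat in the trailing context ("this is less cryptographically secure; it may be feasible for an attacker to create a key with the same fingerprint as yours") read as if it only matters when the user chooses \q{Show fingerprint as MD5}. Per the commit subject, SSH-1 fingerprints are MD5 with no alternative, so the caveat applies to them unconditionally, and the paragraph should say so rather than leave it to inference. The construction also differs from the pageant.but hunk ("For SSH-2 keys, by default ..." there, "By default, ... SSH-2 key fingerprints" here); using the same wording in both files would keep the two descriptions in step.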