Use SHA256 instead of MD5 for fingerprints#162
Closed
thyssentishman wants to merge 1 commit into
Closed
Conversation
vicajilau
added a commit
that referenced
this pull request
Jun 14, 2026
Preserve author of PR #162: cherry-pick and revert
Collaborator
|
Many thanks for this @thyssentishman !! It has been used on #163 |
GT-610
added a commit
to lollipopkit/dartssh2
that referenced
this pull request
Jun 15, 2026
Resolved conflicts while merging TerminalStudio/dartssh2 master into lollipopkit/dartssh2 master. Key upstream changes: - Fixed AES-GCM cipher encryption/decryption sequence number/nonce counter resetting during key exchanges (TerminalStudio#165). - BREAKING: SSHHostkeyVerifyHandler now receives OpenSSH-style SHA256:<base64> fingerprints instead of raw MD5 digests (TerminalStudio#162). - Added regression tests for SHA256 host key fingerprint formatting. Preserved local changes: - ChaCha20-Poly1305 packet encryption/decryption support. - Encrypt-then-MAC (ETM) algorithm support. - Server-initiated and byte-limit rekeying with SSH_MSG_IGNORE CBC padding messages. - Host-based authentication challenge helper. - Constant-time MAC comparison. - Local onVerifyHostKey handler compatibility and extended handshake error assertions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is OpenSSH's default since OpenSSH 6.8. This makes it possible to verify fingerprints with
onVerifyHostKeywhen logging into servers running this or higher versions of OpenSSH.