
Ask HN: Why doesn't SSH implement a 'Perfect hash function' for known hosts - joantune
I know that this is a bit paranoid, but once/if you get access to someone's computer, you're pretty much left with a catalog of other systems that you might have access to in ~/.ssh/known_hosts

My question is: why aren't those entries hashed in a way that there are no collisions? If someone wants to verify if the fingerprint is ok, there should be a command that given the domain would print the existing fingerprint (by calculating the hash meanwhile)

Of course, the hash would have to be salted (and/or peppered) by system.

*Perfect 'hash' function: https://en.wikipedia.org/wiki/Perfect_hash_function
======
cjbprime
Huh? known_hosts files _are_ hashed by default.

If yours aren't, it's probably because you have `HashKnownHosts no` in your
config somewhere.

~~~
joantune
gosh, never mind, you're right, I just checked and on a 'recent' Linux VPS that
I had spun out and indeed they are. But they weren't on my Mac and I had
never noticed that detail on new machines. All of the other ones where I
looked into ~/.ssh/known_hosts had plain hosts there.

on a side note: it's great to know that it's supported :)
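
An added example, not part of the thread: a Python sketch of the lookup the question asks for, using OpenSSH's hashed host field `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`, plus a check for entries still stored in clear text. The function names, host names and key blob are constructed for illustration; wildcard patterns and `@cert-authority`/`@revoked` lines are not handled.

```python
import base64
import hashlib
import hmac
import os

def hash_host(host, salt=None):
    """Build a hashed host field with a per-entry random salt."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def host_matches(field, host):
    """True if a known_hosts host field (hashed or plain) names `host`."""
    if not field.startswith("|1|"):
        return host in field.split(",")      # plain, comma-separated names
    try:
        _, _, salt_b64, digest_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        want = base64.b64decode(digest_b64)
    except ValueError:                       # malformed entry
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def entries(lines):
    """Yield (line_number, host_field, key_type, key_blob) for host lines."""
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) >= 3 and not parts[0].startswith(("#", "@")):
            yield n, parts[0], parts[1], parts[2]

def find_host(lines, host):
    """Entries recorded for `host`; the caller must already know the name."""
    return [(n, t, k) for n, f, t, k in entries(lines) if host_matches(f, host)]

def plain_entries(lines):
    """Line numbers whose host names are readable without guessing."""
    return [n for n, f, _, _ in entries(lines) if not f.startswith("|1|")]

# Constructed sample file: one hashed entry, one plain entry.
KEY = "ssh-ed25519 AAAA_CONSTRUCTED_KEY_BLOB"
SAMPLE = [
    hash_host("vps.example.org") + " " + KEY,
    "mac.example.org,192.0.2.10 " + KEY,
]

if __name__ == "__main__":
    print(find_host(SAMPLE, "vps.example.org"))
    print("plain entries on lines:", plain_entries(SAMPLE))
```

On a real system, `ssh-keygen -F hostname` performs this lookup and `ssh-keygen -H` hashes the entries of an existing known_hosts file.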

