I know that this is a bit paranoid, but once/if you get access to someone's computer, you're pretty much left with a catalog of other systems that you might have access to in ~/.ssh/known_hosts
My question is: why aren't those entries hashed in a way that there are no collisions? if someone wants to verify if the fingerprint is ok, there should be a command that given the domain would print the existing fingerprint (by calculating the hash meanwhile)<p>Ofcourse, the Hash would have to be salted (and/or peppered) by system.<p>*Perfect 'hash' function: https://en.wikipedia.org/wiki/Perfect_hash_function
Huh? known_hosts files <i>are</i> hashed by default.<p>If yours aren't, it's probably because you have `HashKnownHosts no` in your config somewhere.