Stop recording MD5 fingerprint for keys
Proposal
Follow-on from #195668 (closed)
Once we are looking up SSH keys by SHA256 fingerprint, we have no more use for the MD5 fingerprint. Further, generating the fingerprint is impossible in FIPS-enforcing environments; trying to do so means the operation will fail.
I propose we stop generating the MD5 fingerprint on key addition, and remove the keys.fingerprint
column entirely from the database.
It may still be valuable to display the MD5 fingerprint; we could do that on-demand, when viewing the page for a key, instead of when adding the key. They're cheap to calculate; we only store them in the DB for search purposes. We could skip attempting to do so when in a FIPS-enforcing environment.