tech-security archive


Re: default sshd host keys (Taylor R Campbell) writes:

>Going a little further, we could use `ssh-keygen -A' to generate all
>the keys, instead of the script in /etc/rc.d/sshd.  However, that's a
>bigger change, and I am also nervous about using 1024/160-bit DSA
>parameters, which are much too small these days; or even using (EC)DSA
>at all, because it requires an entropy source not only for key
>generation but also to make signatures.  So if we make any bigger
>change, I'd like to discuss using only RSA keys with >=2048-bit moduli
>by default.

Don't you need all the keys to talk to other systems that use them?
Also, if you don't trust 1024/160-bit DSA, then you shouldn't trust
the defaults at all but require explicit values for everything.

As for keylength, the real default should correspond to what a system
can afford. It doesn't make sense to protect yourself against attacks
from the NSA when the system becomes unusable this way. Instead you
should be aware who can compromise your system and how fast.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."
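
An added example, not part of the original thread or of any project's code: a host-key audit that reads lines in the `ssh-keygen -l` output format and applies the thresholds named in the quoted message (DSA parameters too small, RSA moduli of at least 2048 bits, ECDSA marked for review because of the signing-time entropy concern). The function name `audit_hostkeys`, the verdict words and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input: one key per line in `ssh-keygen -l` format:
#   <bits> <fingerprint> <comment ...> (<TYPE>)
# Typical use (key file path supplied by the operator):
#   ssh-keygen -l -f <host public key file> | audit_hostkeys

# Hypothetical helper: prints "<verdict> <type> <bits>" for each key and
# returns 1 if any key is "weak", 0 otherwise.
audit_hostkeys() {
    awk '
    {
        bits = $1 + 0
        type = $NF                  # last field is "(TYPE)"
        gsub(/[()]/, "", type)

        if (type == "DSA") {
            # OpenSSH DSA host keys are 1024-bit; the quoted message
            # considers 1024/160-bit parameters much too small.
            verdict = "weak"
        } else if (type == "RSA") {
            verdict = (bits >= 2048) ? "ok" : "weak"
        } else if (type == "ED25519") {
            verdict = "ok"
        } else {
            # ECDSA (signing-time entropy concern from the quoted
            # message) and any unrecognised type: leave to the operator.
            verdict = "review"
        }
        if (verdict == "weak") bad = 1
        print verdict, type, bits
    }
    END { exit bad + 0 }'
}

# Constructed sample input (fingerprints and comments are placeholders).
SAMPLE_KEYS='1024 SHA256:CONSTRUCTED-FINGERPRINT-1 root@host.example (DSA)
1024 SHA256:CONSTRUCTED-FINGERPRINT-2 root@host.example (RSA)
2048 SHA256:CONSTRUCTED-FINGERPRINT-3 root@host.example (RSA)
256 SHA256:CONSTRUCTED-FINGERPRINT-4 root@host.example (ECDSA)
256 SHA256:CONSTRUCTED-FINGERPRINT-5 no comment (ED25519)'

printf '%s\n' "$SAMPLE_KEYS" | audit_hostkeys || true
```
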
