tech-security archive
Re: default sshd host keys
On Mon, Sep 03, 2012 at 10:32:32PM +0000, Taylor R Campbell wrote:
> (I am not subscribed to these lists, so please cc me in replies.)
>
> If you enable sshd on stock NetBSD 6.0_RC1, then by default on boot
> you will get an RSA host key with a 1024-bit modulus, a DSA host key
> with 1024/160-bit parameters, and an ECDSA host key from the nistp521
> curve. All this is decided by the defaults specified in
> /etc/rc.d/sshd and /etc/defaults/rc.conf.

I'd guess that hoping for that much 'entropy' just after boot is rather
wishful thinking.

Delaying the generation of the keys to a later time would give a
better chance of them being actually random.

        David

--
David Laight: david%l8s.co.uk@localhost
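
To check which sizes sshd actually generated on a host (the RSA, DSA and ECDSA defaults listed in the quoted message), the size can be read straight from the public key blob in each host key `.pub` file. The following is an added example, not part of the original thread or of NetBSD's scripts; the sample keys are constructed placeholders and the `below` helper and its threshold are assumptions.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4251 length-prefixed string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def host_key_size(pub_line):
    """Return (key type, size in bits) for one line of an OpenSSH .pub file."""
    fields = pub_line.split()
    blob = base64.b64decode(fields[1])
    ktype, off = _read_string(blob, 0)
    ktype = ktype.decode("ascii")
    if ktype != fields[0]:
        raise ValueError("key type in blob does not match the text prefix")
    if ktype == "ssh-rsa":                    # blob holds e, then modulus n
        _, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-dss":                    # blob holds p, q, g, y; report p
        p, _ = _read_string(blob, off)
        return ktype, int.from_bytes(p, "big").bit_length()
    if ktype.startswith("ecdsa-sha2-nistp"):  # blob holds curve name, then point
        curve, _ = _read_string(blob, off)
        return ktype, int(curve.decode("ascii")[len("nistp"):])
    raise ValueError("unsupported key type: " + ktype)

def below(pub_lines, min_bits):
    """RSA/DSA keys under min_bits (hypothetical helper); ECDSA is skipped."""
    sizes = [host_key_size(l) for l in pub_lines]
    return [(t, b) for t, b in sizes if t in ("ssh-rsa", "ssh-dss") and b < min_bits]

# --- constructed sample keys (structurally valid blobs, not usable keys) ---
def _s(b):
    return struct.pack(">I", len(b)) + b

def _mpint(i):  # extra leading byte keeps a high-bit-set value non-negative
    return _s(i.to_bytes(i.bit_length() // 8 + 1, "big"))

def _line(ktype, *parts):
    blob = _s(ktype.encode()) + b"".join(parts)
    return "%s %s constructed@example" % (ktype, base64.b64encode(blob).decode())

BIG = (1 << 1023) | 1    # constructed 1024-bit odd number standing in for n and p
SAMPLE = [
    _line("ssh-rsa", _mpint(65537), _mpint(BIG)),
    _line("ssh-dss", _mpint(BIG), _mpint((1 << 159) | 1), _mpint(2), _mpint(3)),
    _line("ecdsa-sha2-nistp521", _s(b"nistp521"), _s(b"\x04" + bytes(132))),
]
```

On a real host, pass each line of the host key `.pub` files to `host_key_size` instead of `SAMPLE`.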