tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: default sshd host keys



On Mon, Sep 03, 2012 at 10:32:32PM +0000, Taylor R Campbell wrote:
> (I am not subscribed to these lists, so please cc me in replies.)
> 
> If you enable sshd on stock NetBSD 6.0_RC1, then by default on boot
> you will get an RSA host key with a 1024-bit modulus, a DSA host key
> with 1024/160-bit parameters, and an ECDSA host key from the nistp521
> curve.  All this is decided by the defaults specified in
> /etc/rc.d/sshd and /etc/defaults/rc.conf.

I'd guess that hoping for that much 'entropy' just after boot is rather
wishful thinking.
Delaying the generation of the keys to a later time would give a
better chance of them being actually random.

        David

-- 
David Laight: david%l8s.co.uk@localhost


Home | Main Index | Thread Index | Old Index