[Nix-dev] SECURITY: default SSH host keys are weak

phreedom at yandex.ru phreedom at yandex.ru
Fri Aug 23 20:29:58 CEST 2013


> > It has been brought to our attention that the host keys created by the
> > default SSH daemon configuration are too weak.
> 
> Citation needed please.  According to who are DSA keys bad?  OpenSSH's own
> "make host-key" installs a DSA key (in addition to RSA and ECDSA keys).

Section 2.1: 1024-bit keys should be phased out by 2010
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_PART3_key-management_Dec2009.pdf

More recent revision 5.6.2: lists 1024-bit DSA/RSA as weak:
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
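A check for the key sizes cited above, as an added example that is not part of the original message: it reads lines in the format printed by `ssh-keygen -l -f <keyfile>` and flags DSA keys and short RSA keys. The 2048-bit RSA cutoff, the function names and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify host keys by type and size.
# Input: one line per key, in the format printed by `ssh-keygen -l -f <keyfile>`:
#   <bits> <fingerprint> <comment...> (<TYPE>)
# Output: one line per key: "<WEAK|ok> <TYPE> <bits>"

MIN_RSA_BITS=2048   # assumption: smallest RSA size this example accepts

classify_host_keys() {
    awk -v min="$MIN_RSA_BITS" '
    NF >= 3 {
        bits = $1 + 0
        type = $NF                 # last field is "(TYPE)"
        gsub(/[()]/, "", type)
        verdict = "ok"
        # ssh-keygen only generates 1024-bit DSA keys, so any DSA key is flagged
        if (type == "DSA") verdict = "WEAK"
        else if (type == "RSA" && bits < min) verdict = "WEAK"
        printf "%s %s %d\n", verdict, type, bits
    }'
}

# Number of weak keys in the input (prints 0 when there are none).
count_weak() {
    classify_host_keys | awk '$1 == "WEAK" { n++ } END { print n + 0 }'
}

# Audit the keys of the local machine (not called here; needs ssh-keygen).
audit_local_host_keys() {
    for f in /etc/ssh/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        ssh-keygen -l -f "$f"
    done | classify_host_keys
}

# Constructed sample input (fingerprints are placeholders, not real keys).
SAMPLE='1024 SHA256:CONSTRUCTED-PLACEHOLDER-1 root@example (DSA)
1024 SHA256:CONSTRUCTED-PLACEHOLDER-2 root@example (RSA)
4096 SHA256:CONSTRUCTED-PLACEHOLDER-3 root@example (RSA)
256 SHA256:CONSTRUCTED-PLACEHOLDER-4 root@example (ECDSA)
256 SHA256:CONSTRUCTED-PLACEHOLDER-5 no comment (ED25519)'

printf '%s\n' "$SAMPLE" | classify_host_keys
```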