Alice Wonder wrote: > On 10/19/2016 11:34 AM, Leonard den Ottolander wrote: >> Hello Gordon, >> > *snip* >> >> Personally I would be more concerned whether or not to enable ECDSA >> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html). >> > For web server ECDSA certs is currently a concern because the only > curves with popular support across browsers have parameters that were > chosen for undocumented reasons. > > That doesn't mean they are vulnerable but there is a question. > > OpenSSH uses Curve25519 for ECDSA which has documented reasons for the > parameters chosen and thus are far less likely to be nefariously chosen. > > At least that's my understanding of the situation, which could be flawed. Oh, are those the ones with the NSA backdoor curve? mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: SSH Weak Ciphers
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: SSH Weak Ciphers
- From: m.roth@xxxxxxxxx
- Date: Wed, 19 Oct 2016 16:54:36 -0400
- Delivered-to: centos@xxxxxxxxxx
- Importance: Normal
- In-reply-to: <9d47fdf6-a7be-e242-1bb7-91c03758920f@domblogger.net>
- References: <CACdTQcUkeeDzOOJjzXCSrBSeOFdS-DHAWf6Cmy3U+h4dD+DjGA@mail.gmail.com> <1476891009.5091.15.camel@quad> <648c1d66-1fa3-d1e0-052e-02861b4599b8@gmail.com> <1476902064.5091.36.camel@quad> <9d47fdf6-a7be-e242-1bb7-91c03758920f@domblogger.net>
- User-agent: SquirrelMail/1.4.23 [SVN]
- Follow-Ups:
- Re: SSH Weak Ciphers
- From: Alice Wonder
- Re: SSH Weak Ciphers
- References:
- SSH Weak Ciphers
- From: Clint Dilks
- Re: SSH Weak Ciphers
- From: Leonard den Ottolander
- Re: SSH Weak Ciphers
- From: Gordon Messmer
- Re: SSH Weak Ciphers
- From: Leonard den Ottolander
- Re: SSH Weak Ciphers
- From: Alice Wonder
- SSH Weak Ciphers
- Prev by Date: Re: SSH Weak Ciphers
- Next by Date: Re: Bacula Restore
- Previous by thread: Re: SSH Weak Ciphers
- Next by thread: Re: SSH Weak Ciphers
- Index(es):
 |