Hello, I've read the recent "legacy key length" thread and would like to point out one more aspect. As I'm using OpenSSH on macOS for quite some time already, I encountered the awesome error message about "invalid key length" since the last High Sierra Update to 10.13.2. During my investigations I found out that macOS now uses OpenSSH_7.6p1 and LibreSSL 2.6.2. Looking through the releae notes of 7.6p1 it turned out that the forecasted deprecation of RSA keys length <1024 was executed (before it was 768 bits). Fair. Moving further, I recognized to my surprise, that my private key which I generated back in April 2016 was created with 1023 bit, according to "openssl rsa -text -noout -in ~/.ssh/id_rsa". From cryptographic perspective this seems to be totally fine and equal to 1024, as it's all about the interpretation of the most significant bit of the combination of the two 512 prime factors (hence it can be 1023, 1024 or 1025). My question now is, how does OpenSSH interprete this? Does it really mean, that any bit smaller than exactly 1024 bit (so 1023 and less) are not accepted anymore? And if so, would it not make more sense to set the limit then to <1023? Hope this description is quite clear, as I'm not an English native. rgds _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev