On 10.06.22 16:50, Dmitry Belyavskiy wrote:
> There is a need to increase RSA key requirements to make the installations more secure. Just updating the default compiled-in value isn't an option because it may significantly break legacy systems compatibility. This PR [1] introduces a new configuration option MinRSABits to be managed for security's sake. If this approach is OK for upstream, please let me know and I will improve this PR according to the feedback.

I realize that with the *current* selection of algorithms available in OpenSSH, fine-grained control of minimum key size almost(!) is an RSA-only topic, but nonetheless I wonder whether newly-defined config syntax thereto should be aimed at extensibility to other crypto algorithms ...

Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
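
The compatibility concern raised in the quoted proposal can be measured before a minimum such as MinRSABits is raised. The following is an added example, not code from the PR or from OpenSSH: it reads public-key lines in the `authorized_keys` text format, decodes the `ssh-rsa` blob and reports keys whose modulus is shorter than a chosen minimum. The threshold 2048 and all function names are assumptions made for illustration, and the sample keys are constructed (dummy moduli of the right length only).

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy value, not taken from the thread

def _read_string(buf, off):
    """Read one length-prefixed field (RFC 4251 string); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_bits(line):
    """Modulus size in bits for an ssh-rsa key line; None for any other key type."""
    fields = line.split()
    if "ssh-rsa" not in fields:          # tolerates leading authorized_keys options
        return None
    idx = fields.index("ssh-rsa")
    if idx + 1 >= len(fields):
        return None
    blob = base64.b64decode(fields[idx + 1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type in blob does not match text")
    _e, off = _read_string(blob, off)    # public exponent, unused here
    n, _ = _read_string(blob, off)       # modulus, encoded as mpint
    return int.from_bytes(n, "big").bit_length()

def weak_keys(lines, minimum=MIN_RSA_BITS):
    """(line number, bits) for every RSA key shorter than `minimum`."""
    found = []
    for no, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        bits = rsa_bits(line)
        if bits is not None and bits < minimum:
            found.append((no, bits))
    return found

def constructed_key(bits):
    """Constructed test data: well-formed ssh-rsa line with a dummy modulus."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

SAMPLE = ["# constructed sample", constructed_key(1024), constructed_key(3072),
          "ssh-ed25519 AAAAconstructed user@example"]
```

Running `weak_keys` over the key files of a host shows which entries would stop working at a given minimum; non-RSA lines are skipped, which is where a per-algorithm setting of the kind raised in the reply would need its own check.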