Re: [patch] ssh-keygen(1): by default generate ed25519 key (instead of rsa)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Mon, 7 Nov 2022, Darren Tucker wrote:

> On Mon, 7 Nov 2022 at 00:51, Job Snijders <job@xxxxxxxxxxx> wrote:
> [...]
> > Perhaps now is a good time to make Ed25519 the default when invoking
> > ssh-keygen(1) without arguments?
> 
> I don't think so.  Outside of DSA (which is REQUIRED in RFC4253 but is
> considered weak these days), RSA keys are the most widely supported
> key type and thus most likely to work in any given situation, which
> makes them an appropriate default.  If you know this is not the case
> for your environment, that's what "-t" is for.

I don't mind using defaults to apply a little nudge towards better
algorithms. OpenSSH has supported ed25519 keys for almost a decade,
and RFC 8709 has been a standard for a couple of years.

So I'm cautiously supportive of doing this.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux