Re: [patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments


What I'm hearing in this thread is: "a minority of people on planet
Earth have a problem with the open-source implementation of ED25519,
but instead of letting that minority choose to re-implement it when/if
they want to, the rest of the community needs to stall their progress
in improving security."

And isn't the ED25519 code already there on their machine?  So isn't
that itself already a problem for that minority, regardless of whether
or not it's used?

Either way, that minority can still use "-t rsa".

I very often see IT personnel and developers simply use the default
options for ssh-keygen.  They just don't care/don't know to care.
Switching the default to ED25519 would bring the equivalent security
up from 112 bits to 128 bits (as 2048-bit RSA is equivalent to 112 bits
of symmetric strength), which would be a nice improvement for the
community at large.

Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
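
Added example (not part of the original message, and not OpenSSH code): a small Python audit that parses public-key lines in the `.pub` format, recovers the key type and size from the SSH wire encoding, and flags keys below a 128-bit symmetric-equivalent target, which is the 112-bit versus 128-bit gap the message describes. The sample keys are constructed placeholders rather than real keys, the function names are hypothetical, and lines are assumed to carry no leading `authorized_keys` options.

```python
import base64
import struct

# Comparable symmetric strengths for RSA modulus sizes (NIST SP 800-57 Part 1).
# The 2048 -> 112 figure is the one quoted in the message above.
RSA_STRENGTH = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]

def ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data

def mpint(x):
    """Encode a positive integer as an SSH mpint (zero-padded if top bit set)."""
    return ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))

def read_string(buf, off):
    """Read one length-prefixed field; return (value, next_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def classify(line):
    """Return (key_type, bits, symmetric_strength) for a 'type base64 comment' line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    ktype, off = read_string(blob, 0)
    if ktype.decode("ascii") != declared:
        raise ValueError("declared type does not match key blob")
    if declared == "ssh-rsa":
        _exponent, off = read_string(blob, off)
        modulus, off = read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        strength = next((s for size, s in RSA_STRENGTH if bits >= size), 0)
        return declared, bits, strength
    if declared == "ssh-ed25519":
        return declared, 256, 128
    return declared, None, None  # other key types are not rated here

def below_target(lines, target=128):
    """List the keys whose estimated strength is under the target."""
    rated = (classify(line) for line in lines)
    return [k for k in rated if k[2] is not None and k[2] < target]

def make_line(ktype, *fields):
    blob = ssh_string(ktype.encode()) + b"".join(fields)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed-sample"

# Constructed sample input: correct wire layout, but NOT usable keys.
SAMPLE = [
    make_line("ssh-rsa", mpint(65537), mpint((1 << 2047) | 1)),
    make_line("ssh-rsa", mpint(65537), mpint((1 << 3071) | 1)),
    make_line("ssh-ed25519", ssh_string(bytes(32))),
]
```
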

openssh-unix-dev mailing list
