On 9/4/23 16:43, Joseph S. Testa II wrote:
I very often see IT personnel and developers simply use the default options for ssh-keygen. They just don't care/don't know to care. Switching the default to ED25519 would bring the equivalent security up from 112-bits to 128-bits (as 2048-bit RSA is equivalent to 112-bits of symmetric strength), which would be a nice improvement for the community at large.
I also see the default blindly being used in the majority of cases, hence a change of the default towards improved security is what is needed. If one looks long enough for drawbacks one will find some and might never move forward. Thereby I'd like to express support for the proposed change despite the discussed questions.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev