Re: [patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments

On 04/09/23, Felix Fehlauer (felix.fehlauer@xxxxxxxxxxxx) wrote:
> On 9/4/23 16:43, Joseph S. Testa II wrote:
> > I very often see IT personnel and developers simply use the default
> > options for ssh-keygen.
...
> I also see the default blindly being used in the majority of cases, hence a
> change of the default towards improved security is what is needed.
...

Somewhat off topic, but the book "Nudge" by Thaler and Sunstein promotes the idea of "better" defaults. https://en.wikipedia.org/wiki/Nudge_(book)

The book is associated with libertarian paternalism, two aspects that are likely to come up in debate about this topic, and by extension the fascinating work on perceptions of risk by Kahneman and Tversky. (I found "The Undoing Project" a good read.)

Libertarian paternalism is an odd mix. The libertarian aspect is described by the authors of Nudge as "...people should be free to do what they like-and to opt out of undesirable arrangements if they want to do so", while they describe paternalism as it being "... legitimate for choice architects to try to influence people's behavior in order to make their lives longer, healthier, and better."

There are some good examples in the book of better defaults providing better outcomes.

Personally I like the idea of making ed25519 keys the default.

Rory


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


