[Bug 2666] Ability to specify minimum RSA key size for user keys
bugzilla-daemon at bugzilla.mindrot.org
Sat Feb 29 23:23:28 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=2666
Petr Bodnar <p.bodnar at centrum.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |p.bodnar at centrum.cz
--- Comment #3 from Petr Bodnar <p.bodnar at centrum.cz> ---
(In reply to stefan.ss from comment #2)
> need this option also to allow again previous RSA minimum size
> default 768.
>
> I know 768 is too small for security,
> _but_ old puttygen version creates in ~50% RSA keys with 1023 bits,
> when using with the default of requested size 1024.
>
> SSH_RSA_MINIMUM_MODULUS_SIZE was increased to 1024, so public key
> login no longer works with old public keys.
>
> so enforced to stay on old openssh server version (7.4).
> Cannot distribute new keys for these accounts.
100% agreed and voting for this issue resolution.
It is also questionable and maybe for a separate bug (?) why the
hard-coded limit was not set to 1023 when it is known that PuTTYgen
randomly generates(-ed) shorter keys when 1024 is (was) requested. See
this quote regarding 1023 key size from its old, but most probably
still valid
[documentation](https://the.earth.li/~sgtatham/putty/0.61/htmldoc/Chapter8.html):
> This is perfectly normal, and you do not need to worry. The lengths should only ever differ by one, and there is no perceptible drop in security as a result.
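Added example, not part of the original message and not OpenSSH code: a sketch for auditing an `authorized_keys` file for RSA keys whose modulus falls below the 1024-bit minimum discussed in this thread (for instance the 1023-bit keys from old PuTTYgen), so affected accounts can be found before a server upgrade. The function names and the sample keys are assumptions; the sample keys are constructed integers, not real keys.

```python
import base64
import struct

MIN_BITS = 1024  # minimum modulus size the thread says newer sshd enforces

def _read_field(blob, off):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    (length,) = struct.unpack_from(">I", blob, off)  # struct.error if truncated
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def rsa_modulus_bits(b64_blob):
    """Modulus bit length of an ssh-rsa blob (sign byte ignored); None if not RSA."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = _read_field(blob, off)
    modulus, _ = _read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit_authorized_keys(text, min_bits=MIN_BITS):
    """Return [(line_no, bits, comment)] for RSA keys shorter than min_bits."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Options may precede the key type, so locate the ssh-rsa token.
        if line.lstrip().startswith("#") or "ssh-rsa" not in fields[:-1]:
            continue
        i = fields.index("ssh-rsa")
        try:
            bits = rsa_modulus_bits(fields[i + 1])
        except (ValueError, struct.error):  # bad base64 or truncated blob
            continue
        if bits is not None and bits < min_bits:
            findings.append((line_no, bits, " ".join(fields[i + 2:])))
    return findings

def _make_blob(n, e=65537):
    """Encode constructed integers as an ssh-rsa blob (demo data, not a real key)."""
    parts = [b"ssh-rsa"] + [x.to_bytes(x.bit_length() // 8 + 1, "big") for x in (e, n)]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed sample input: one 1023-bit and one 1024-bit modulus.
SAMPLE = ("ssh-rsa " + _make_blob((1 << 1022) | 1) + " old-puttygen-key\n"
          'from="192.0.2.1" ssh-rsa ' + _make_blob((1 << 1023) | 1) + " full-size-key\n")
print(audit_authorized_keys(SAMPLE))
```

Passing `min_bits=1023` shows which keys would still be rejected under the lower limit proposed in the comment above.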