[Bug 2666] Ability to specify minimum RSA key size for user keys

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Feb 29 23:23:28 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=2666

Petr Bodnar <p.bodnar at centrum.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |p.bodnar at centrum.cz

--- Comment #3 from Petr Bodnar <p.bodnar at centrum.cz> ---
(In reply to stefan.ss from comment #2)
> I need this option also, to allow again the previous RSA minimum size
> default of 768.
> 
> I know 768 is too small for security, 
> _but_ old puttygen versions create RSA keys with 1023 bits in ~50% of
> cases when used with the default requested size of 1024.
> 
> SSH_RSA_MINIMUM_MODULUS_SIZE was increased to 1024, so public key
> login no longer works with old public keys.
> 
> So we are forced to stay on the old openssh server version (7.4). 
> Cannot distribute new keys for these accounts.

100% agreed and voting for this issue resolution.

It is also questionable and maybe for a separate bug (?) why the
hard-coded limit was not set to 1023 when it is known that PuTTYgen
randomly generates(-ed) shorter keys when 1024 is (was) requested. See
this quote regarding 1023 key size from its old, but most probably
still valid
[documentation](https://the.earth.li/~sgtatham/putty/0.61/htmldoc/Chapter8.html):

> This is perfectly normal, and you do not need to worry. The lengths should only ever differ by one, and there is no perceptible drop in security as a result.

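The check the thread is arguing about is a comparison of the bit length of the RSA modulus against SSH_RSA_MINIMUM_MODULUS_SIZE, so an administrator who wants to know which existing authorized_keys entries will stop working after an upgrade can measure that bit length directly instead of waiting for logins to fail. The script below is an added example, not code from OpenSSH, PuTTY or either commenter: it parses the OpenSSH "ssh-rsa" public key wire format (string "ssh-rsa", mpint e, mpint n, RFC 4253 encoding) with only the Python standard library and reports each key's modulus size. The two sample keys are constructed from made-up moduli of exactly 1024 and 1023 bits so that the 1023-bit case described above can be exercised offline; they are not real RSA keys (the moduli are not products of two primes) and must not be used for anything but this demonstration.

```python
import base64
import struct

# Current hard-coded floor in OpenSSH, as discussed in the bug report.
SSH_RSA_MINIMUM_MODULUS_SIZE = 1024


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': two's complement big-endian, minimal length,
    with a leading 0x00 byte when the high bit would otherwise be set."""
    if n == 0:
        return _ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def encode_rsa_pubkey(e: int, n: int, comment: str = "") -> str:
    """Build an authorized_keys-style 'ssh-rsa <base64> [comment]' line."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def _read_string(buf: bytes, off: int):
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + length > len(buf):
        raise ValueError("truncated key blob")
    return buf[off:off + length], off + length


def rsa_modulus_bits(line: str) -> int:
    """Return the bit length of the modulus n of an ssh-rsa public key line.
    This is the quantity OpenSSH compares against SSH_RSA_MINIMUM_MODULUS_SIZE.
    Option-prefixed authorized_keys lines are handled as long as no quoted
    option value contains whitespace (a simplification of this example)."""
    parts = line.split()
    if "ssh-rsa" not in parts:
        raise ValueError("not an ssh-rsa key line")
    b64 = parts[parts.index("ssh-rsa") + 1]
    blob = base64.b64decode(b64, validate=True)
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("key blob type is not ssh-rsa")
    _e_bytes, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(n_bytes, "big").bit_length()


def key_accepted(line: str, minimum: int = SSH_RSA_MINIMUM_MODULUS_SIZE) -> bool:
    """True if sshd with the given minimum modulus size would accept the key."""
    return rsa_modulus_bits(line) >= minimum


def scan_authorized_keys(text: str, minimum: int = SSH_RSA_MINIMUM_MODULUS_SIZE):
    """Report (line number, modulus bits, accepted) for every ssh-rsa entry.
    Blank lines, '#' comments and non-RSA key types are skipped."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or "ssh-rsa" not in stripped.split():
            continue
        bits = rsa_modulus_bits(stripped)
        report.append((lineno, bits, bits >= minimum))
    return report


# Constructed sample moduli: exactly 1024 and 1023 bits. NOT real RSA keys.
N_1024 = (1 << 1023) | 1
N_1023 = (1 << 1022) | 1
E = 65537

KEY_1024 = encode_rsa_pubkey(E, N_1024, "constructed-1024-bit")
KEY_1023 = encode_rsa_pubkey(E, N_1023, "constructed-1023-bit-puttygen-style")

# Constructed authorized_keys content mixing both keys and a comment line.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample file",
    KEY_1024,
    'command="/usr/bin/true" ' + KEY_1023,
])

if __name__ == "__main__":
    for lineno, bits, ok in scan_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {lineno}: {bits}-bit modulus -> {'accepted' if ok else 'REJECTED'}")
```

Run against a real authorized_keys file, the script lists the entries a 1024-bit floor rejects; the 1023-bit PuTTYgen case shows up as a modulus one bit short, exactly as the PuTTY documentation quoted above describes. Whether sshd should let that floor be lowered by configuration is the question this bug is about; the script only measures.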