Legacy option for key length?
Ben Lindstrom
mouring at offwriting.org
Tue Jan 2 17:03:44 AEDT 2018
David Newall wrote:
> I think a very good question which needs to be asked is, what value
> does disallowing shorter keys bring over severely deprecating them
> (i.e. allowing them by use of command argument on a per-session
> basis)? I cannot see a single benefit; it won't stop use of shorter
> keys, it will just stop use of the latest openssh.
At what point is the security hole so great that "deprecation" is no
longer acceptable? I can point out 20+ year old devices still running
sshv1 only protocol. Do we need to keep this complexity until that
number is zero? Even though it has been broken and known insecure for
decades.
And how many annoying "Do you really want to do this?" type questions do
you prompt the user and assume it is "fine"?
This is an honest question as that seems to be the core of the issue.
What balance between known insecure, complexity (allowing low value keys
in the client, prompting the user to verify they want to do this, and
disabling it in the server), and removing proven insecure features?
Ben
More information about the openssh-unix-dev
mailing list