Legacy option for key length?

Ben Lindstrom mouring at offwriting.org
Tue Jan 2 17:03:44 AEDT 2018


David Newall wrote:
> I think a very good question which needs to be asked is, what value 
> does disallowing shorter keys bring over severely deprecating them 
> (i.e. allowing them by use of command argument on a per-session 
> basis)?  I cannot see a single benefit; it won't stop use of shorter 
> keys, it will just stop use of the latest openssh.
At what point is the security hole so great that "deprecation" is no 
longer acceptable?  I can point out 20+ year old devices still running 
sshv1 only protocol. Do we need to keep this complexity until that 
number is zero, even though it has been broken and known insecure for 
decades?

And how many annoying "Do you really want to do this?" type questions do 
you prompt the user with and assume it is "fine"?

This is an honest question as that seems to be the core of the issue.  
What balance between known insecure, complexity (allowing low value keys 
in the client, prompting the user to verify they want to do this, and 
disabling it in the server), and removing proven insecure features?

Ben



More information about the openssh-unix-dev mailing list