RSA key configuration limitations
Jochen Bern
Jochen.Bern at binect.de
Mon Jun 13 18:29:48 AEST 2022
On 10.06.22 16:50, Dmitry Belyavskiy wrote:
> There is a need to increase RSA key requirements to make the installations
> more secure. Just updating the default compiled-in value isn't an option
> because it may significantly break legacy systems compatibility. This PR
> [1] introduces a new configuration option MinRSABits to be managed for
> security's sake.
>
> If this approach is OK for upstream, please let me know and I will improve
> this PR according to the feedback.
I realize that with the *current* selection of algorithms available in
OpenSSH, fine-grained control of minimum key size almost(!) is an
RSA-only topic, but nonetheless I wonder whether newly-defined config
syntax thereto should be aimed at extensibility to other cryptalgorithms ...
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20220613/2c02cae1/attachment.p7s>
More information about the openssh-unix-dev
mailing list