[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
Joseph S. Testa II
jtesta at positronsecurity.com
Tue Sep 5 00:43:11 AEST 2023
What I'm hearing in this thread is: "a minority of people on planet
Earth have a problem with the open-source implementation of ED25519,
but instead of letting that minority choose to re-implement it when/if
they want to, the rest of the community needs to stall their progress
in improving security."

And isn't the ED25519 code already there on their machine? So isn't
that itself already a problem for that minority, regardless of whether
or not it's used?

Either way, that minority can still use "-t rsa".

I very often see IT personnel and developers simply use the default
options for ssh-keygen. They just don't care/don't know to care.
Switching the default to ED25519 would bring the equivalent security
up from 112-bits to 128-bits (as 2048-bit RSA is equivalent to 112-bits
of symmetric strength), which would be a nice improvement for the
community at large.
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security