[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments

Felix Fehlauer felix.fehlauer at fs.ei.tum.de
Tue Sep 5 07:17:25 AEST 2023


On 9/4/23 16:43, Joseph S. Testa II wrote:
> I very often see IT personnel and developers simply use the default
> options for ssh-keygen.  They just don't care/don't know to care.
> Switching the default to ED25519 would bring the equivalent security
> up from 112-bits to 128-bits (as 2048-bit RSA is equivalent to 112-bits
> of symmetric strength), which would be a nice improvement for the
> community at large.

I also see the default blindly being used in the majority of cases, 
hence a change of the default towards improved security is what is needed.
If one looks long enough for drawbacks one will find some and might 
never move forward. Thereby I'd like to express support for the proposed 
change despite the discussed questions.


More information about the openssh-unix-dev mailing list