Settable minimum RSA key sizes on the client end for legacy devices.
Steve Sether
steve at sether.org
Mon Dec 30 03:38:05 AEDT 2019
I think it's entirely reasonable to have a default setting of 1024 bits
for the minimum key size. That satisfies the requirement of trying to
prevent human mistakes. But if you really want to go and over-ride the
recommended settings, that's your business.
For instance, both curl and wget have options to not check the ssl
certificate. That essentially obviates ssl since MitM attacks become
trivial. Firefox allows you to do this as well, though it's obscure:
https://www.techwalla.com/articles/how-to-disable-invalid-ssl-in-firefox
On 12/29/19 3:46 AM, Philipp Marek wrote:
>> Unix was not designed to stop you from doing stupid things, because
>> that would also stop you from doing clever things.
>> - Doug Gwyn, in Introducing Regular Expressions (2012) by Michael
>> Fitzgerald
>
> Please note that this mostly applies to the priviledged administrative
> account - as long as a you're a normal user the other users should be
> protected from your mistakes. (g+w etc. is already "extended rights" ;)
>
>
> In engineering, one of the major points is to foresee potential human
> mistakes - and to take precautions to prevent them.
>
> I see that SSH key length issue similar to operating big machinery -
> you're protected as long as you use it normally; to tear a limb off
> you need to become inventive.
>
> (Search the internet for images "two-hand control".)
More information about the openssh-unix-dev
mailing list