From owner-freebsd-current@freebsd.org Mon Aug 8 18:21:31 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 241D9BB26C2 for ; Mon, 8 Aug 2016 18:21:31 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from mx1.scaleengine.net (mx1.scaleengine.net [209.51.186.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 06ED113D9 for ; Mon, 8 Aug 2016 18:21:30 +0000 (UTC) (envelope-from allanjude@freebsd.org) Received: from [192.168.1.10] (unknown [192.168.1.10]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 979D015A2 for ; Mon, 8 Aug 2016 18:21:29 +0000 (UTC) Subject: Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0 To: freebsd-current@freebsd.org References: <20160805015918.GI43509@FreeBSD.org> <86CE9314-487D-4D63-8CE1-34F167765EC5@freebsd.org> From: Allan Jude Message-ID: <6e97cb0a-0f9b-b60c-a762-454c3f257903@freebsd.org> Date: Mon, 8 Aug 2016 14:21:26 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Aug 2016 18:21:31 -0000 On 2016-08-08 14:17, Conrad Meyer wrote: > The OpenSSH defaults are intentionally sane. RSA 2048 is anticipated > to be fine for the next 10 years. It would not be a bad choice. I'm > not aware of any reason not to use EC keys, and presumably the openssh > authors wouldn't ship them as an option if they knew of any reason to > believe they were compromised. > > Best, > Conrad > > On Mon, Aug 8, 2016 at 10:56 AM, Devin Teske wrote: >> Which would you use? >> >> ECDSA? >> >> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography >> >> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover operation", cryptography experts have also expressed concern over the security of the NIST recommended elliptic curves,[31] suggesting a return to encryption based on non-elliptic-curve groups. "" >> >> Or perhaps RSA? (as des@ recommends) >> >> (not necessarily to Glen but anyone that wants to answer) >> -- >> Devin >> >> >>> On Aug 4, 2016, at 6:59 PM, Glen Barber wrote: >>> > This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH, > and will be deprecated effective 11.0-RELEASE (and preceeding RCs). > > Please see r303716 for details on the relevant commit, but upstream no > longer considers them secure. Please replace DSA keys with ECDSA or RSA > keys as soon as possible, otherwise there will be issues when upgrading > from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the > 11.0-RELEASE build. > > Glen > On behalf of: re@ and secteam@ > As far as I know, the "advantage" to ED25519 keys, is that you can build openssh without openssl, if you forgo supporting RSA etc. -- Allan Jude