Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 Aug 2016 14:21:26 -0400
From:      Allan Jude <allanjude@freebsd.org>
To:        freebsd-current@freebsd.org
Subject:   Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
Message-ID:  <6e97cb0a-0f9b-b60c-a762-454c3f257903@freebsd.org>
In-Reply-To: <CAG6CVpV0tVCE%2BDyHTgMF6CzRBnV8YNs92DY3c7k13SY7Trhn3w@mail.gmail.com>
References:  <20160805015918.GI43509@FreeBSD.org> <86CE9314-487D-4D63-8CE1-34F167765EC5@freebsd.org> <CAG6CVpV0tVCE%2BDyHTgMF6CzRBnV8YNs92DY3c7k13SY7Trhn3w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2016-08-08 14:17, Conrad Meyer wrote:
> The OpenSSH defaults are intentionally sane.  RSA 2048 is anticipated
> to be fine for the next 10 years.  It would not be a bad choice.  I'm
> not aware of any reason not to use EC keys, and presumably the openssh
> authors wouldn't ship them as an option if they knew of any reason to
> believe they were compromised.
> 
> Best,
> Conrad
> 
> On Mon, Aug 8, 2016 at 10:56 AM, Devin Teske <dteske@freebsd.org> wrote:
>> Which would you use?
>>
>> ECDSA?
>>
>> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography>;
>>
>> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover operation", cryptography experts have also expressed concern over the security of the NIST recommended elliptic curves,[31] <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#cite_note-31>; suggesting a return to encryption based on non-elliptic-curve groups. ""
>>
>> Or perhaps RSA? (as des@ recommends)
>>
>> (not necessarily to Glen but anyone that wants to answer)
>> --
>> Devin
>>
>>
>>> On Aug 4, 2016, at 6:59 PM, Glen Barber <gjb@FreeBSD.org> wrote:
>>>
> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
> 
> Please see r303716 for details on the relevant commit, but upstream no
> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
> keys as soon as possible, otherwise there will be issues when upgrading
> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
> 11.0-RELEASE build.
> 
> Glen
> On behalf of: re@ and secteam@
> 

As far as I know, the "advantage" to ED25519 keys, is that you can build
openssh without openssl, if you forgo supporting RSA etc.


-- 
Allan Jude

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6e97cb0a-0f9b-b60c-a762-454c3f257903>