[Bug 237391] Re: ssh-keygen should default to dsa not rsa
Neal McBurnett
neal at bcn.boulder.co.us
Wed Jun 4 19:59:09 BST 2008
I expect that someone someday will again make a bad random number
generator. Maybe some proprietary box that I am pressured to use. I
don't want my keys to be vulnerable just because I use them on a machine
that doesn't get RNGs right. DSA is vulnerable to that problem, and RSA
is not.
I agree that using a longer default key length in RSA (and in DSA also)
is a good idea at this point. E.g. jdstrand points out that in the
openssl file /etc/ssl/openssl.cnf default_bits is still 1024. That
should be fixed, via a different bug report.
--
ssh-keygen should default to dsa not rsa
https://bugs.launchpad.net/bugs/237391
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list