FreeBSD Mail Archives

Date:      Fri, 11 Mar 2016 11:30:07 +0000
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: SSH and FreeBSD-11
Message-ID:  <56E2AC3F.2050907@freebsd.org>
In-Reply-To: <BLU436-SMTP83AD0FA9ED565F64127E4080B50@phx.gbl>
References:  <BLU437-SMTP603D7C238968280489261280B40@phx.gbl> <CALfReyewsKLUjMG8nnNMk=YHTvFUZWG0oGVNi8_FvBFNCmiQFA@mail.gmail.com> <CADyrUxPz7TzWApYduxyDn=GeznXqcZ4baRFiEKeCEXVDwN_DJQ@mail.gmail.com> <BLU436-SMTP83AD0FA9ED565F64127E4080B50@phx.gbl>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--jHQsJaG3unM6289O2ce5NBIK0fnoVHF29
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 03/11/16 10:01, Carmel wrote:
> On Fri, 11 Mar 2016 16:36:02 +0800, Jov stated:
>=20
>> > openssh in freebsd 11 will not generate dsa host key  any more=EF=BC=
=8CI
>> > have a pr about this.

> Thanks, I did not know it was a known issue. I had not read anything
> about it.

This site is quite instructive about where current SSH ciphers etc. have
known weaknesses:

http://stribika.github.io/2015/01/04/secure-secure-shell.html

DSA keys will have been deprecated because they only allow a 1024bit
modulus, and that's now known to be vulnerable to attack.  It takes
quite a well resourced attacker to do so right now, but Moore's law will
soon make that club a lot less exclusive.

	Cheers,

	Matthew



--jHQsJaG3unM6289O2ce5NBIK0fnoVHF29
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJW4qw/AAoJEABRPxDgqeTn8lIP/3SJutEVrGuF89ZPm+tHNyds
vkY+eSpn9RaOgPeIYDmCSEdQWvqMjPTelXZ+bXGWqd+E/FdUG87UvwpX3ssDOwHl
T8oeJxQJONyJ+NVuwpgjqjtGirTtFIHpO+4GtNb4TLEIz/2RWIdQFZB93/RTnCyK
5zgEvxIQ+IylQhSg2UW+2mnEVTg/LDhmsfUgRCtCyLXJD6aBJzhBJYGJ6TJP9g5b
NTTdB3+KZKBfaaLO+cKpSA9lunKFfjebYbWGy0nNMYgGyoXSi5JcqQmjBkA0bgim
BO7b72Pwo3PquNV7zGNXuS9RAyB8mSSUvZl8JsQzDV+v4b60UKY9Lqv5rhj9gXR1
wv67SXfwa907lJ4qsMKpGeLon8xyhVec/mqRLRl6Vu4p9jLfl1CXVsm3zZjyHx68
RrmDsTx/zjfoHu4F+icXvEO4t/amIkGs1cwiZYNPL9eJsLzAife6GOFZIZET96Yz
CQiAXemfWDsbZ7ixFUK66MUSZF6jrQ76qPBIsL2DnmB7LBVQTLAJCuW5B4g84UH0
Uh8aeoILxfritiV8xnUIRC+JQg4wKt++bRDOd8RuZyPhLmyynXWceBnAq2qNaAgH
FDWhv2/buja4jQdtvQqNW4Iqjr3Kz0zT2Ss4BfwVAjh3P4BJHXqMMB026k9SGllE
qmbyiMd5MIwkGAlhk3xA
=4QMI
-----END PGP SIGNATURE-----

--jHQsJaG3unM6289O2ce5NBIK0fnoVHF29--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56E2AC3F.2050907>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation