> > I has been brought to our attention that the host keys created by the > > default SSH daemon configuration are too weak. > > Citation needed please. According to who are DSA keys bad? OpenSSH's own > "make host-key" installs a DSA key (in addition to RSA and ECDSA keys).
Section 2.1: 1024bit keys should be phased out by 2010 http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_PART3_key-management_Dec2009.pdf More recent revision 5.6.2: lists 1024bit DSA/RSA as weak: http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev