Hey Clemens,

> what do you think about my recent OpenSSH patches (not the version bumps) but 
> enabling the sandbox by default (to use seccomp if available) and the switch 
> from DSA to Ed25519? ArchLinux and current Debian both generate Ed25519 
> pubkeys by default and add them as HostKey to sshd_config.
> They keep DSA and ECDSA but as they fall apart completely if the random 
> numbers used are not good, I am not sure this is a good idea for embedded 
> systems where entropy is often very scarce. Ed25519 is not that sensitive to 
> entropy problems.

I agree; when possible we should use Ed25519. See Adam Langley's blog entry [1].

/Bruno

[1] https://www.imperialviolet.org/2013/06/15/suddendeathentropy.html

-- 
ptxdist mailing list
ptxdist@pengutronix.de
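
Added example, not part of the original message and not ptxdist or OpenSSH code: a small audit that lists the HostKey entries of an sshd_config and marks which ones use the nonce-dependent algorithms discussed above (DSA, ECDSA) and which use Ed25519. The function names, the pubkeys mapping and the sample config and keys are assumptions constructed for illustration.

```python
# Added example: audit which signature algorithms an sshd_config's host keys use.
# Algorithm names are the first field of an OpenSSH public key (.pub) line.
NONCE_DEPENDENT = ("ssh-dss", "ecdsa-sha2-")  # DSA/ECDSA: fresh random nonce per signature
DETERMINISTIC = ("ssh-ed25519",)              # Ed25519: nonce derived from key and message

def host_key_paths(config_text):
    """Return the HostKey paths from sshd_config text, in file order."""
    paths = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "hostkey" and len(parts) == 2:  # keywords are case-insensitive
            paths.append(parts[1].strip().strip('"'))
    return paths

def classify(pub_line):
    """Map one .pub line to (algorithm, verdict)."""
    fields = pub_line.split()
    alg = fields[0] if fields else ""
    if alg.startswith(NONCE_DEPENDENT):
        return alg, "nonce-dependent"
    if alg in DETERMINISTIC:
        return alg, "deterministic"
    return alg, "other"  # e.g. ssh-rsa, outside the thread's argument

def audit(config_text, pubkeys):
    """pubkeys maps a HostKey path to the text of its .pub file (hypothetical input shape)."""
    report = {}
    for path in host_key_paths(config_text):
        report[path] = classify(pubkeys[path]) if path in pubkeys else ("", "missing")
    return report

# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE_CONFIG = """\
HostKey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
"""
SAMPLE_PUBKEYS = {
    "/etc/ssh/ssh_host_rsa_key": "ssh-rsa PLACEHOLDER root@target",
    "/etc/ssh/ssh_host_dsa_key": "ssh-dss PLACEHOLDER root@target",
    "/etc/ssh/ssh_host_ed25519_key": "ssh-ed25519 PLACEHOLDER root@target",
}

if __name__ == "__main__":
    for path, (alg, verdict) in audit(SAMPLE_CONFIG, SAMPLE_PUBKEYS).items():
        print(f"{verdict:16} {alg:12} {path}")
```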
