> On Aug 8, 2016, at 12:39 PM, Bernard Spil <bern...@bachfreund.nl> wrote:
>
> Hi Devin,
>
> This resource documents the choices pretty well I think
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
> Author has made some modifications up to Jan 2016
> https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md
>
> The short answer then is ed25519 or rsa4096, disable both dsa and ecdsa.
>
> Even 6.5p1 shipped with 9.3 supports ed25519.
>
> Cheers,
>
> Bernard.
>
Thanks for confirming, Bernard!
--
Cheers,
Devin

> On 2016-08-08 19:56, Devin Teske wrote:
>> Which would you use?
>>
>> ECDSA?
>>
>> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
>>
>> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover
>> operation", cryptography experts have also expressed concern over the
>> security of the NIST recommended elliptic curves,[31]
>> <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#cite_note-31>
>> suggesting a return to encryption based on non-elliptic-curve groups.
>> ""
>>
>> Or perhaps RSA? (as des@ recommends)
>>
>> (not necessarily to Glen but anyone that wants to answer)
>> --
>> Devin
>>
>>> On Aug 4, 2016, at 6:59 PM, Glen Barber <g...@freebsd.org> wrote:
>>>
>>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>>> and will be deprecated effective 11.0-RELEASE (and preceding RCs).
>>>
>>> Please see r303716 for details on the relevant commit, but upstream no
>>> longer considers them secure. Please replace DSA keys with ECDSA or RSA
>>> keys as soon as possible, otherwise there will be issues when upgrading
>>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>>> 11.0-RELEASE build.
>>>
>>> Glen
>>> On behalf of: re@ and secteam@
>>>
>>> _______________________________________________
>>> freebsd-annou...@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
>>> To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
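
An added example, not part of the thread: a POSIX sh audit that reads authorized_keys-format lines and flags the DSA keys the announcement says to replace, so they can be found before the upgrade. The function names, verdict labels and sample lines are constructed for illustration; RSA bit length is not decoded.

```shell
#!/bin/sh
# Added example (not from the thread). Verdict labels are this example's own.
classify_keys() {   # stdin: authorized_keys lines; stdout: "lineno verdict type"
    awk '
    function verdict(t) {
        if (t == "ssh-dss") return "REPLACE"     # deprecated per the announcement
        if (t ~ /^ecdsa-/)  return "AVOID"       # the reply says to disable ecdsa
        if (t == "ssh-rsa") return "CHECK-BITS"  # reply recommends 4096; size not decoded
        return "OK"                              # ssh-ed25519
    }
    BEGIN {
        # A key blob starts with its base64-encoded type name. Requiring that
        # prefix avoids matching a type word that sits inside an options string.
        ec = "AAAAE2VjZHNhLXNoYTItbmlzdHA"
        pfx["ssh-dss"]             = "AAAAB3NzaC1kc3M"
        pfx["ssh-rsa"]             = "AAAAB3NzaC1yc2E"
        pfx["ssh-ed25519"]         = "AAAAC3NzaC1lZDI1NTE5"
        pfx["ecdsa-sha2-nistp256"] = ec
        pfx["ecdsa-sha2-nistp384"] = ec
        pfx["ecdsa-sha2-nistp521"] = ec
    }
    NF == 0 || $1 ~ /^#/ { next }                # blank lines and comments
    {
        for (i = 1; i < NF; i++)
            if (($i in pfx) && index($(i + 1), pfx[$i]) == 1) {
                print NR, verdict($i), $i
                next
            }
        print NR, "UNKNOWN", "-"
    }'
}

count_dsa() {       # stdin: authorized_keys lines; stdout: number of DSA keys
    classify_keys | awk '$2 == "REPLACE" { n++ } END { print n + 0 }'
}

sample_keys() {     # constructed input; blobs are truncated placeholders
    cat <<'EOF'
# constructed sample, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed alice@laptop
ssh-dss AAAAB3NzaC1kc3MAAACBconstructed bob@old-box
command="echo ssh-rsa key" ssh-dss AAAAB3NzaC1kc3MAAACBconstructed backup@cron
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYconstructed carol@ws
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed dave@ws
EOF
}

sample_keys | classify_keys
```

To audit a real file, feed it on stdin, for example `classify_keys < ~/.ssh/authorized_keys`.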