[FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
dteske at freebsd.org
Mon Aug 8 17:56:37 UTC 2016
Which would you use?
"In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover operation", cryptography experts have also expressed concern over the security of the NIST recommended elliptic curves, <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#cite_note-31> suggesting a return to encryption based on non-elliptic-curve groups."
Or perhaps RSA? (as des@ recommends)
(not necessarily to Glen but anyone that wants to answer)
> On Aug 4, 2016, at 6:59 PM, Glen Barber <gjb at FreeBSD.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
> and will be deprecated effective 11.0-RELEASE (and preceding RCs).
> Please see r303716 for details on the relevant commit, but upstream no
> longer considers them secure. Please replace DSA keys with ECDSA or RSA
> keys as soon as possible, otherwise there will be issues when upgrading
> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
> 11.0-RELEASE build.
> On behalf of: re@ and secteam@
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> -----END PGP SIGNATURE-----
> freebsd-announce at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-announce-unsubscribe at freebsd.org"
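
Added example, not part of the original thread or of FreeBSD's or OpenSSH's own tooling: one way to locate the DSA entries the announcement asks to have replaced, by scanning authorized_keys-style files for the `ssh-dss` key type. The function names `find_dsa_keys` and `write_sample` are hypothetical, and the sample keys are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Report DSA (ssh-dss) public key entries in authorized_keys-style files.

# find_dsa_keys FILE...
# Prints "file:line:comment" for every ssh-dss entry found.
find_dsa_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # An options field (from="...", no-pty, ...) may precede the key
            # type, so test every field. The base64 prefix check confirms the
            # blob really encodes an ssh-dss key and avoids matching the
            # string "ssh-dss" inside a quoted option.
            for (i = 1; i < NF; i++) {
                if ($i == "ssh-dss" && index($(i + 1), "AAAAB3NzaC1kc3M") == 1) {
                    comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                    printf "%s:%d:%s\n", FILENAME, FNR, comment
                    next
                }
            }
        }
    ' "$@"
}

# write_sample PATH
# Writes a constructed sample file (placeholder blobs, not real keys).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER alice@old-laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER bob@desk
from="10.0.0.*",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER backup@cron
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYPLACEHOLDER carol@vm
EOF
}

# When called with file arguments, scan them, e.g.:
#   sh find_dsa.sh ~/.ssh/authorized_keys /etc/ssh/ssh_host_dsa_key.pub
if [ "$#" -gt 0 ]; then
    find_dsa_keys "$@"
fi
```

Each reported entry needs a replacement key of a type the announcement names, generated with `ssh-keygen -t rsa` or `ssh-keygen -t ecdsa`, installed before the upgrade.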