SSH and FreeBSD-11
Matthew Seaman
matthew at FreeBSD.org
Fri Mar 11 11:30:21 UTC 2016
On 03/11/16 10:01, Carmel wrote:
> On Fri, 11 Mar 2016 16:36:02 +0800, Jov stated:
>
>> > openssh in freebsd 11 will not generate dsa host key any more,I
>> > have a pr about this.
> Thanks, I did not know it was a known issue. I had not read anything
> about it.
This site is quite instructive about where current SSH ciphers etc. have
known weaknesses:
http://stribika.github.io/2015/01/04/secure-secure-shell.html
DSA keys will have been deprecated because they only allow a 1024bit
modulus, and that's now known to be vulnerable to attack. It takes
quite a well resourced attacker to do so right now, but Moore's law will
soon make that club a lot less exclusive.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160311/cde52ed0/attachment.sig>
More information about the freebsd-questions
mailing list