I came across an interesting article[1] about more secure SSH configurations. What do our resident cryptographers think about this? Would it make sense to adjust FreeBSD defaults accordingly? [1] https://stribika.github.io/2015/01/04/secure-secure-shell.html -- Greg Rivers
Hi, I can't comment much on the elliptic-curve stuff, but I think it's a bit of a stretch to say that SHA-1 isn't safe for use in a KDF. Just my two cents, Jon> Greg Rivers <mailto:gcr+freebsd-security at tharned.org> > 11 January 2015 at 21:52 > I came across an interesting article[1] about more secure SSH > configurations. What do our resident cryptographers think about this? > Would it make sense to adjust FreeBSD defaults accordingly? > > [1] https://stribika.github.io/2015/01/04/secure-secure-shell.html >-- Jonathan Anderson jonathan at FreeBSD.org
Dne 12.1.2015 v 2:22 Greg Rivers napsal(a):> I came across an interesting article about more secure SSH > configurations.> [...] You may also want to consult The applied crypto hardening book draft at https://bettercrypto.org/ if you are looking for some "instant" security inspiration. -- Regards Ondra Knezour