Hello,
I've read the recent "legacy key length" thread and would like to
point out one more aspect.
As I'm using OpenSSH on macOS for quite some time already, I encountered the
awesome error message about "invalid key length" since the last High
Sierra Update to 10.13.2.
During my investigations I found out that macOS now uses OpenSSH_7.6p1 and
LibreSSL 2.6.2. Looking through the releae notes of 7.6p1 it turned out that the
forecasted deprecation of RSA keys length <1024 was executed (before it was
768 bits). Fair.
Moving further, I recognized to my surprise, that my private key which I
generated back in April 2016 was created with 1023 bit, according to
"openssl rsa -text -noout -in ~/.ssh/id_rsa". From cryptographic
perspective this seems to be totally fine and equal to 1024, as it's all
about the interpretation of the most significant bit of the combination of the
two 512 prime factors (hence it can be 1023, 1024 or 1025).
My question now is, how does OpenSSH interprete this? Does it really mean, that
any bit smaller than exactly 1024 bit (so 1023 and less) are not accepted
anymore? And if so, would it not make more sense to set the limit then to
<1023?
Hope this description is quite clear, as I'm not an English native.
rgds