Jochen Bern
2022-Nov-08 15:15 UTC
[patch] ssh-keygen(1): by default generate ed25519 key (instead of rsa)
On 07.11.22 05:39, Christoph Anton Mitterer wrote:> Shouldn't the defaults in general be whatever the most (S)ecure (as in > SSH) is? > Regardless of whether that is RSA, Ed25519 or something else in this > specific case.My .02: The most secu(R)e (as in "Resilient") default would encourage users to have at least *two* keypairs of different algos at hand. [I still remember the day after automated nightly updates had washed a vendor's panicky "let's disable DSA" into our platforms and I was the only sysadmin to *also* have an "old-fashioned, unnecessarily huge" *RSA* pubkey distributed onto the target machines] Regards, -- Jochen Bern Systemingenieur Binect GmbH -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3449 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20221108/85f169ce/attachment.p7s>