search for: rsa768

Hey there all, I'm mentioning this as a "dev" issue because it's "Docs and Website", not as a general "usage" question. A few years back, I started a thread about RSA768 not being available in SSH client any more, because I had lost access to my APC power strips (which are on a NAT'd network, inside a data center, as a result). I argued that "look, I know what I'm doing, I know this is safe, please don't make me recompile the binary, or worse,...

...ts and the VPN. Basically, the only time you need to log into these is when you go to reboot something that's down. Their web UI with SSL doesn't work with modern browsers. Their CPU is...tiny, and their SSHd implementation is...old (and, I believe, proprietary). I think it defaults to RSA768, and even then, takes a good 15 seconds to let you log in. When trying to SSH to them most recently from a recent copy of MacOS, I got the "Invalid Key Length" error. I googled around for the release note and the source code commit that had produced this, and then tried looking for w...

...ur approach. It's the same reason we've never implemented the null cipher and also one of the reasons we removed SSHv1. We try to balance compatibility with avoiding danger. This is why it's still possible to explicitly enable (weak, but AFAIK not broken) DSA keys if you need them, but RSA768 has actually been demonstrated to be broken with an academic team factoring a key back in 2009 at a work factor that is easily reachable by a medium botnet or cloud service. Adding a switch to turn these back on would be IMO irresponsible. If you think this is overly parentalistic and that an expe...