similar to: 1024-bit RSA keys in danger of compromise

Does this version implement the ability to be run under Dan Bernstein's supervise/multilog utilities? I.e. can sshd be told not to daemonize and log all messages to stdout/stderr instead of syslog? Thanks, -- Jos Backus _/ _/_/_/ "Modularity is not a hack." _/ _/ _/ -- D. J. Bernstein _/

Hello, Sometime ago min rsa key length was increased to 1024 bit and i have a little understanding problem with this. I hope somebody with some crypto-experience can enlighten me. To make that clear, that is not about allowing lower keys in general. Personally i would tend to use even longer keys(2048bit+). However Due nature of RSA-algorithm in case of 1024bit this might result in a key

How about adding a --no-detach option (to be used in combination with --daemon) to rsync so it can be run under Dan Bernstein's daemontools' supervise? If there's interest I'll provide a patch. -- Jos Backus _/ _/_/_/ Santa Clara, CA _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)

Changes since OpenSSH 6.4 ========================= This is a feature-focused release. New features: * ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a

https://bugzilla.mindrot.org/show_bug.cgi?id=2650 Bug ID: 2650 Summary: UpdateHostKeys ignores RSA keys if HostKeyAlgorithms=rsa-sha2-256 Product: Portable OpenSSH Version: 7.4p1 Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=3213 Bug ID: 3213 Summary: openssh 8.3p1 will not use any type of RSA key for legacy servers if ssh-rsa is not in PubkeyAcceptedKeyTypes Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW

https://bugzilla.mindrot.org/show_bug.cgi?id=2306 Bug ID: 2306 Summary: ssh-add 6.7 inserts RSA keys into the ssh-agent as "rsa w/o comment" instead of filenames Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: normal

[ Sorry, I incorrectly copied some Reference headers into this post and tacked it onto the wrong thread. -Steve ] So far, I have been able to receive incoming iaxtel calls via my assigned 1-700-xxx-xxxx number, but only when using md5 authentication in iax.conf: [iaxtel] type=user ; Incoming calls only context=incoming auth=md5 secret=<mysecret> ; Required for

Hi, I'm doing some test with a pkcs11 token that can only sign short messages. When connecting to one server, that reports pkalg rsa-sha2-512 blen 151, it fails to sign the pubkey because it is 83 bytes long. (sshd: OpenSSH_7.3p1) A older server that reports pkalg ssh-rsa blen 151, works perfectly as the pubkey signature required is only 35 bytes long. (sshd: OpenSSH_6.7p1) I am not sure

In the source code of openssh(my source code is 6.0 for Openbsd?? The content below is Rsa.h #ifndef RSA_H #define RSA_H #include <openssl/bn.h> #include <openssl/rsa.h> void rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); void rsa_generate_additional_parameters(RSA *); #endif /* RSA_H */ Question:

I have noticed that OpenSSH clients (at least version 5.1p1) occasionally send an RSA signature during the handshake phase such that if the RSA key pair used to generate it happens to be associated to an N-byte long modulus, the signature is N - 1 bytes long. My question is, Is this behavior correct? I mean, an RSA signature is an unstructured byte string, and therefore any leading zeros should be

I?ve got a couple of issues with a new mail server set up? I?m getting the following error: warning: cannot get RSA certificate from file /etc/pki/dovecot/certs/<mycert>.pem: disabling TLS support The problem is that <mycert>.pem isn?t an RSA ticket, but a X509 certificate. The RSA ticket is in /etc/pki/dovecot/private directory. I checked both files and they are good certificates.

Hello, It seems there is some rights problem with https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub <https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub> : wget -O /dev/null https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub <https://download.gluster.org/pub/gluster/glusterfs/nfs-ganesha/rsa.pub> --2017-01-23 19:28:47--

I'm using the most up to date version of openssh on OL8 that I can patch to (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've tried adding HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com or HostkeyAlgorithms

I don't remember what we did to fix this last time, and I've had to rebuild my system completely from scratch over the past few days, so dont' have past patches to work from ... new-relay:/usr/slocal/src/openssh-1.2pre15> make gcc -g -O2 -Wall -I/usr/slocal/include -DETCDIR=\"/usr/local/etc/ssh\" -DSSH_PROGRAM=\"/usr/slocal/bin/ssh\" -DHAVE_CONFIG_H -c

Hi, I'd like to setup oneway connection - so asteriskB can place calls on asteriskA and be safely authenticated with rsa keys. I just don't get any response on asteriskA. I've generated pair of keys: name.key, name.pub and put them on both servers - is it right to only have name.key on asteriskA and name.pub on asteriskB ? I get everybody is busy ... on asteriskB, and none

Is there a security issue with turning an RSA1 key into an RSA key? One might want to do this, e.g., to move to protocol 2 without having to update authorized_keys files. I thought there was a problem with this, but Google doesn't find anything. thanks /fc

Hi, Acording with http://www.voip-info.org/wiki-Asterisk+iax+rsa+auth, both sides should have "auth=rsa" in their respective section at iax.conf. But i've found that if server includes this option, the client keeps saying "No way to send secret to peer". My links with FWD and Iaxtel are working fine, this is a test i m doing with 2 asterisks i configured. Also, if i use