Good ${greeting_time}, Benny!
09 Nov 2015 22:59:56, you wrote to me:
BP>>> anyone on 7.1 that can still make ssh root logins ?
AV>> OpenSSH 7.* is dangerous by default in most systems, as it permits
AV>> use of weakened algorithms with (intentionally?) reduced key size.
BP> it's a CVE-2015-5600 now
Not exactly what I mean...
BP> in gentoo follow bug # 555518
BP> https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
"Your best option is to generate new keys using strong algos such as rsa
or ecdsa or ed25519."
People who think ECDSA is strong are just idiots, as it's one of those
intentionally weakened algorithms. Sorry, no more details on this for now,
except that I had to add BF256-CFB support to ${subj}, making its first "S"
letter carry some sense, and adding GOST 28147-89 is on my agenda.
ED25519 may be slightly better, but it hasn't yet proven itself to be good.
So, for now, that leaves only one option: RSA with at least 8192 bits key.
AV>> ... god@universe:~ # cvs up && make world
BP> looks like gentoo :)
That's for ${origin}, and it launches a bunch of rpmbuild :-)
--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii
... :wq!
--- /bin/vi
* Origin: http://openwall.com/Owl (2:5020/545)