SoylentNews is people

posted by cmn32480 on Monday September 26 2016, @03:54AM
from the if-only-i-remember-where-I-laid-them-down dept.

Arthur T Knackerbracket has found the following story:

Whether you're a software developer or a sysadmin, I bet you're using SSH keys. Pushing your commits to GitHub or managing your Unix systems, it's best practice to do this over SSH with public key authentication rather than passwords. However, as time flies, many of you are using older keys and not aware of the need to generate fresh ones to protect your privates much better. In this post I'll demonstrate how to transition to an Ed25519 key smoothly, why you would want this and show some tips and tricks on the way there.

If you've created your key more than about four years ago with the default options it's probably insecure (RSA < 2048 bits). Even worse, I've seen tweeps, colleagues and friends still using DSA keys (ssh-dss in OpenSSH format) recently. That's a key type similar to RSA, but limited to 1024 bits size and therefore recommended against for a long time. It's plainly insecure and refused for valid reasons in recent OpenSSH versions (see also the changelog for 7.0).

The sad thing about it is that I see posts on how to re-enable DSA key support rather than moving to a more secure type of key. Really, it's unwise to follow instructions to change the configuration for PubkeyAcceptedKeyTypes or HostKeyAlgorithms (host keys are for a later post). Instead, upgrade your keys!

Compare DSA with the technology of locks using keys like this one. You wouldn't want this type of key to unlock your front door, right?

List all your keys:

You're probably thinking... "I'm using my key for a long time, I don't want to change them everywhere now." Valid point, but you don't have to! It's good to know you can have multiple keys on your system and your SSH client will pick the right one for the right system automatically.

It's part of the SSH protocol that the client can offer multiple keys, and the server picks the one for which your client then has to prove possession of the private key by a challenge. See it in action by adding some verbosity to the SSH connect command (-vvv). Also, if you're using an SSH agent you can load multiple keys and it will discover them all. Easy as that.
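
For the "List all your keys" step, an added example that is not from the original article: a POSIX shell helper that rates each key by the criteria the story gives (DSA and RSA below 2048 bits are to be replaced, Ed25519 is the target). The function names `classify_key_line` and `audit_ssh_dir` are hypothetical, the sample lines are constructed, and the input format assumed is the one-line output of `ssh-keygen -l`.

```sh
#!/bin/sh
# Added example, not from the article. Rates keys by the article's criteria:
# DSA and RSA below 2048 bits get replaced, Ed25519 is the target type.

# Input: one line of `ssh-keygen -l` output,
#   "<bits> <fingerprint> <comment> (<TYPE>)"
classify_key_line() (
    line=$1
    bits=${line%% *}      # first field: key size in bits
    type=${line##*\(}     # text after the last "(" ...
    type=${type%\)}       # ... minus the closing ")"
    case $bits in
        ''|*[!0-9]*) echo "SKIP unparsable line"; exit 0 ;;
    esac
    case $type in
        DSA) echo "REPLACE DSA (ssh-dss) is limited to 1024 bits" ;;
        RSA)
            if [ "$bits" -lt 2048 ]; then
                echo "REPLACE RSA-$bits is below 2048 bits"
            else
                echo "OK RSA-$bits"
            fi ;;
        ED25519) echo "OK Ed25519" ;;
        *) echo "REVIEW $type-$bits is not covered by the article" ;;
    esac
)

# Rate every public key in a directory (default ~/.ssh); needs ssh-keygen.
audit_ssh_dir() (
    for pub in "${1:-$HOME/.ssh}"/*.pub; do
        [ -f "$pub" ] || continue
        line=$(ssh-keygen -l -f "$pub" 2>/dev/null) || continue
        echo "$pub: $(classify_key_line "$line")"
    done
)

# Constructed sample lines; the fingerprints are placeholders, not real keys.
while IFS= read -r sample; do
    classify_key_line "$sample"
done <<'EOF'
1024 SHA256:PLACEHOLDER1 alice@old-laptop (DSA)
1024 SHA256:PLACEHOLDER2 alice@old-laptop (RSA)
4096 SHA256:PLACEHOLDER3 alice@work (build box) (RSA)
256 SHA256:PLACEHOLDER4 alice@work (ED25519)
EOF
```

Calling `audit_ssh_dir` with no argument rates the `.pub` files in `~/.ssh`; the key type is taken from the last parenthesised field, so comments that themselves contain parentheses do not confuse it.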


Original Submission

  • (Score: 0) by Anonymous Coward on Monday September 26 2016, @05:37AM (#406543)

    Give me 8192 bits or give me death.

    I don't think 4096 qubits will be required to factor 4096 bit RSA: http://phys.org/news/2014-11-largest-factored-quantum-device.html [phys.org]

  • (Score: 1) by drgibbon (74) on Tuesday September 27 2016, @02:12AM (#406813)

    You might like to check out GnuPG FAQs "Why doesn’t GnuPG default to using RSA-4096? [gnupg.org]" and "Why do people advise against using RSA-4096? [gnupg.org]".

    --
    Certified Soylent Fresh!
    • (Score: 0) by Anonymous Coward on Tuesday September 27 2016, @06:20PM (#407063)

      I've read these explanations before. I find them to be bullshit. There could be a classical attack against RSA that lowers the key strength, or a quantum attack that ruins RSA forever. The first would probably be known only to the NSA, and they'll use it for years before it gets made public. The second could at least be made more difficult by an order of a few months or a year by using the 8192 key size.

      • (Score: 1) by drgibbon (74) on Wednesday September 28 2016, @05:52AM (#407225)

        Well, the point is that there are apparently diminishing returns with increasing RSA keysize;

        Almost always when people use 4096-bit RSA they’re doing so because they believe RSA-4096 to be much stronger than it is. The United States’ National Institute of Standards and Technology (NIST) states that RSA-2048 gives roughly 112 bits of security and RSA-3072 gives roughly 128. There is no formal recommendation on where RSA-4096 lies, but the general consensus is that it would come in somewhere around 140 bits — 28 bits of improvement over RSA-2048. This is an improvement so marginal that it’s really not worth mentioning.

        If you need more security than RSA-2048 offers, the way to go would be to switch to elliptical curve cryptography — not to continue using RSA.

        I use RSA-4096 myself, and I might look into switching over to elliptical curve, but from the sounds of it RSA-8192 doesn't seem like a big benefit. Each to their own though.

        --
        Certified Soylent Fresh!