Default OpenSSH-Portable RSA Private Key Encryption Is Poor

Accepted submission by canopic jug at 2018-08-04 09:00:08
Security

The Latacora firm has a blog post asserting that OpenSSH-portable has poor defaults for encrypting private RSA keys [micro.blog] because of its reliance on OpenSSL. The blog goes into why this is a problem and how you can test it for yourself.

There is nothing wrong with the generated RSA keys themselves, however, just the encryption of the private RSA keys -- if made using current defaults. There are two ways of encrypting RSA keys: an old and apparently insecure way, and a new key format that is available but not the default. Newer key types like Ed25519 use only the new key format and are not affected by this problem.
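A check for which of the two formats a given private key file uses, as an added example that is not part of the original submission or the Latacora post: it reads the PEM header lines of the old format and the `openssh-key-v1` container header of the new one. The sample inputs are constructed and contain no key material, and the function names are assumptions.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # auth magic at the start of the new-format blob

# Constructed sample: legacy PEM header block with a dummy body (not a real key).
LEGACY_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

AAAA
-----END RSA PRIVATE KEY-----
"""

def make_new_format_sample(cipher=b"aes256-ctr", kdf=b"bcrypt"):
    """Build a constructed, header-only new-format file (no key material)."""
    blob = MAGIC
    for field in (cipher, kdf, b""):  # ciphername, kdfname, empty kdfoptions
        blob += struct.pack(">I", len(field)) + field
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

def _ssh_string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify_private_key(text):
    """Return (format, encrypted, detail) for the text of a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty input")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, off = _ssh_string(blob, len(MAGIC))
        kdf, _ = _ssh_string(blob, off)
        detail = "cipher=%s kdf=%s" % (cipher.decode(), kdf.decode())
        return ("new", cipher != b"none", detail)
    if lines[0] == "-----BEGIN RSA PRIVATE KEY-----":
        # Legacy PEM: encryption is announced in RFC 1421-style header lines.
        encrypted = "Proc-Type: 4,ENCRYPTED" in lines[1:3]
        dek = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("DEK-Info:")]
        detail = "cipher=" + dek[0].split(",")[0] if encrypted and dek else "unencrypted"
        return ("legacy-pem", encrypted, detail)
    raise ValueError("unrecognized private key header")
```

On a real file, pass its text to `classify_private_key`. An encrypted key reported as `legacy-pem` can be rewritten in the new format with `ssh-keygen -p -o -f <keyfile>`.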

Earlier on SN:
WikiLeaks Unveils CIA Implants That Steal SSH Credentials From Windows, Linux PCs [soylentnews.org] (2017)
Upgrade Your SSH Keys [soylentnews.org] (2016)
OpenSSH 6.8 Will Feature Key Discovery and Rotation for Easier Switching to DJB's Ed25519 [soylentnews.org] (2015)

