[Ach] missing recommendations for ssh-keys

Hanno Böck hanno at hboeck.de
Sat May 24 23:34:45 CEST 2014


On Fri, 23 May 2014 19:09:00 +0200
Sven Kieske <svenkieske at gmail.com> wrote:

> I ended up using something like
> 
> ssh-keygen -t rsa -b 4096

I'd sum up my personal recommendations:
* Avoid RSA keys below 2048 bits, create new keys with 4096 bits but
  2048 bit keys can stay if you already have them
* Avoid DSA keys
* Avoid ECDSA keys
* If you like to have fancy new elliptic curve stuff use an ed25519 key
  instead of ecdsa. But RSA-only is okay, because you'll likely need
  that anyway for compatibility reasons
* Completely avoid SSH v1 keys


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
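
The recommendations in the message above, written as a check over OpenSSH public key lines. This is an added example, not part of the original message. It assumes lines without leading authorized_keys options; the function names and sample keys are constructed for illustration.

```python
import base64
import struct

def _string(buf, off):
    """Read one length-prefixed SSH wire string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob."""
    blob, off = base64.b64decode(b64_blob), 0
    for _ in range(3):                      # string type, mpint e, mpint n
        field, off = _string(blob, off)
    return int.from_bytes(field, "big").bit_length()

def classify(line):
    """Verdict for one public key line, following the list in the message."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return "skip"
    kind = fields[0]
    if kind.isdigit():                      # SSH v1 lines start with the bit count
        return "avoid: SSH v1 key"
    if kind == "ssh-dss":
        return "avoid: DSA"
    if kind.startswith("ecdsa-sha2-"):
        return "avoid: ECDSA"
    if kind == "ssh-ed25519":
        return "ok: ed25519"
    if kind == "ssh-rsa":
        bits = rsa_bits(fields[1])
        if bits < 2048:
            return f"avoid: RSA {bits} bits"
        if bits < 4096:
            return f"keep: RSA {bits} bits (use 4096 for new keys)"
        return f"ok: RSA {bits} bits"
    return "unknown key type"

def sample_rsa_line(bits):
    """Constructed test input, not a usable key: modulus is 2**(bits-1) + 1."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed"

if __name__ == "__main__":
    lines = [sample_rsa_line(b) for b in (1024, 2048, 4096)]
    for s in lines + ["ssh-dss AAAA constructed"]:
        print(classify(s))
```

Reading the modulus length from the key blob avoids trusting the comment field or file name, which say nothing reliable about key size.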