[Ach] missing recommendations for ssh-keys
Hanno Böck
hanno at hboeck.de
Sat May 24 23:34:45 CEST 2014
On Fri, 23 May 2014 19:09:00 +0200
Sven Kieske <svenkieske at gmail.com> wrote:
> I ended up useing something like
>
> ssh-keygen -t rsa -b 4096
I'd sum up my personal recommendations:
* Avoid RSA keys below 2048 bits, create new keys with 4096 bits but
2048 bit keys can stay if you already have them
* Avoid DSA keys
* Avoid ECDSA keys
* If you like to have fancy new elliptic curve stuff use an ed25519 key
instead of ecdsa. But RSA-only is okay, because you'll likely need
that anyway for compatibility reasons
* Completely avoid SSH v1 keys
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140524/05dac473/attachment.sig>
More information about the Ach
mailing list