OpenSSH 4.2 has been released (see Pro Linux, German only). At first glance that’s not so important: version bumps are common in the open-source community. But as a security enhancement they raised the default size of SSH keys from 1024 to 2048 bits, which makes sense in general, primarily for the RSA algorithm, which could be broken at a size of 1024 bits. For the paranoid it makes sense to use 4096-bit RSA keys to be on the safe side. But raising the SSH key size is not enough; we need to get rid of MD5 and SHA1 completely: /etc/shadow must use another algorithm, for example Whirlpool or SHA512; GnuPG uses SHA1; Gentoo’s portage uses MD5 checksums, and so on. The free software community seems to deal with that problem like a dying duck in a thunderstorm. It’s high time to check out alternatives, it’s high time to take the cryptography experts seriously. I don’t understand them either, but I think we have to trust them.
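As an added example (not from the post), a small Python audit for the two things the paragraph names: the modulus size of ssh-rsa entries in an authorized_keys file, decoded from the OpenSSH public-key format, and the hash algorithm in use in /etc/shadow, read from the crypt(3) prefix. The sample keys and shadow lines are constructed here; the moduli are not real RSA keys, just numbers of the right bit length, and the prefix table assumes glibc's crypt identifiers.

```python
import base64
import struct
SHADOW_ALGOS = {"$1$": "md5", "$2a$": "bcrypt", "$2b$": "bcrypt",
                "$2y$": "bcrypt", "$5$": "sha256", "$6$": "sha512"}  # glibc crypt(3) ids
MIN_RSA_BITS = 2048  # the new OpenSSH 4.2 default; the post argues for 4096

def shadow_algorithm(line):
    """Hash algorithm of one /etc/shadow line; None for locked or passwordless accounts."""
    field = line.split(":")[1]
    if field == "" or field.startswith(("!", "*")):
        return None  # locked or no password set
    for prefix, name in SHADOW_ALGOS.items():
        if field.startswith(prefix):
            return name
    return "descrypt"  # legacy 13-character DES crypt

def _string(b):  # SSH wire 'string': 4-byte big-endian length + bytes
    return struct.pack(">I", len(b)) + b

def _mpint(v):  # SSH wire 'mpint' for v >= 0: leading 0x00 when the top bit is set
    return _string(v.to_bytes((v.bit_length() + 8) // 8, "big"))

def _read_string(blob, pos):
    (n,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def rsa_key_bits(pubkey_line):
    """Modulus length in bits of an 'ssh-rsa AAAA...' line (what ssh-keygen -l prints)."""
    blob = base64.b64decode(pubkey_line.split()[1])
    name, pos = _read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("not an RSA key: %r" % name)
    _e, pos = _read_string(blob, pos)  # public exponent, not needed for the size
    n, _ = _read_string(blob, pos)     # modulus
    return int.from_bytes(n, "big").bit_length()

def make_rsa_pubkey_line(n, e=65537, comment="constructed@example"):  # sample input only
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def weak_rsa_keys(lines, min_bits=MIN_RSA_BITS):
    """Comments of ssh-rsa entries shorter than min_bits; other types and option-prefixed lines skipped."""
    return [" ".join(line.split()[2:]) for line in lines
            if line.startswith("ssh-rsa ") and rsa_key_bits(line) < min_bits]

# Constructed samples: the moduli are NOT real RSA keys, only of the right bit length.
SAMPLE_KEYS = [make_rsa_pubkey_line((1 << 1023) | 1, comment="old-1024@host"),
               make_rsa_pubkey_line((1 << 4095) | 1, comment="new-4096@host")]
SAMPLE_SHADOW = ["root:$1$saltsalt$0123456789abcdef:12000:0:99999:7:::",
                 "alice:$6$saltsalt$0123456789abcdef:12000:0:99999:7:::", "daemon:*::::::"]
```

Pass `min_bits=4096` to `weak_rsa_keys` to apply the stricter threshold the post recommends; the same parser works on real authorized_keys and known_hosts entries, which use the same encoding.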
And, for fun: my workmate told me that SHA1 is mandatory for the security issues of banks. That’s too funny. If you think about the average time it takes for a law to be changed here, you shouldn’t do any online banking from now on.
Filed under BreakMyGentoo, Gentoo, Linux, Security