×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
On Mon, May 4, 2020 at 11:01 AM Greg Wilburn
<gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
I think RSA is depreciated
https://security.stackexchange.com/questions/226131/openssh-declares-ssh-rsa-deprecated-what-do-i-do-next
Greg, the person who asked that question basically
misread/misunderstood the OpenSSH release document. What doesn't help
is that the answer given just quotes more of the same document (which
is pretty hard to understand for "normal" people, even in the context
of IT) rather than coming right out and clearing up the
misconceptions.
What the posted answer is saying, more plainly: It's not RSA, per se,
which is deprecated. It's SHA-1. The answer cites that RSA using SHA-2
is "better" (and by implication, not yet deprecated).
Another thing you'll often hear these days is that RSA keys of a
certain length are deprecated. But you can make longer RSA keys, and
sufficiently long ones may not (yet) be deprecated. For sure, 1024
bits is insufficient, for both RSA and DSA.
Now, the whole issue is fairly complex, because cryptography is
complex. It is true that some folks who study cryptography and
cryptography software do recommend against RSA completely. However, as
a practical matter, a lot of cryptosystems still use RSA and in all
likelihood will for some time yet.
Here are a couple of sources which I think address the original
question from Justin Taylor somewhat better:
https://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
https://www.thesecuritybuddy.com/encryption/dsa-vs-rsa/
John Y.
midrange.com
