279

OpenSSH is about to change. (For the better.) (youtu.be)

submitted 7 months ago* (last edited 7 months ago) by ademir@lemmy.eco.br to c/linux@lemmy.ml

40 comments fedilink hide all child comments

OpenSSH's ssh-keygen command just got a great upgrade.

New video from @vkc@mspsocial.net

Edit:

She has a peertube channel: !veronicaexplains@tinkerbetter.tube and it federatess as a Lemmy Community

The Peertube video in Lemmy.ml: https://lemmy.ml/post/8842820

Link to the video in your instance.

you are viewing a single comment's thread
view the rest of the comments

[-] lntl@lemmy.ml 39 points 7 months ago

i don't think I've created an RSA key since 2017

[-] aard@kyu.de 19 points 7 months ago

A surprising amount of services (including Azure last I tried) can only handle RSA keys, so after trying ecdsa only for a while I ended up adding a RSA key again.

With that said - it's 2023, in almost all cases you should have your keys in a hardware module nowadays, in which case you'd use a different command for keygeneration.

[-] fossisfun@lemmy.ml 10 points 7 months ago* (last edited 7 months ago)

Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still doesn't support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).

You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

[-] deepdive@lemmy.world 3 points 7 months ago

Strange enough TLS 1.3 still doesn't support signed ed25519 certificates :| P‐256, NIST P‐384 or NIST P‐521 curves are known to be "backdoored" or having deliberately chosen mathematical weakness. I'm not an expert and just a noob security/selfhoster enthusiast but I don't want to depend on curves made by NSA or other spy agencies !

I also wondering if the EU isn't going to implement something similar with all their new spying laws currently discussed...

[-] LaggyKar@programming.dev 3 points 7 months ago

AFAIK, they're not known to be backdoored, only suspected

[-] deepdive@lemmy.world 2 points 7 months ago

Yeah wrong wording, but the fact that we have to depend mostly on NSA's cryptographic schemes makes it very suspicious !

load more comments (7 replies)

load more comments (13 replies)

this post was submitted on 04 Dec 2023

279 points (90.4% liked)

Linux

45457 readers

2164 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz