On Thursday 25 April 2002 17.06, Florin wrote:
> [EMAIL PROTECTED] (Oden Eriksson) writes:
>
> > > according to the man page, key sizes longer than 1024 "no longer
> > > improve security but make things slower. The default is 1024 bits."
> > >
> > > is it really worth it to use 2048, I wonder ?
> >
> > Yes I think so, since the RSA crypto has been cracked for some time now.
> > I'm no crypto expert but I'd rather play safe... I think we should use the
> > measures given to improve security. If you don't want to use more than
> > 1024 bits, don't, just change "Protocol 2,1" to "Protocol 1,2" in
> > "sshd_config" or check the man page for ssh.
> >
> > At present with the current Mandrake package the default is to use
> > protocol v2, RSA2 1024 bits. So what's the point to default to SSH
> > protocol v2, and having two 1024 bits keys hanging around.
>
> Ok,
>
> I'll have a look at it and upload a new openssh package as I was about to
> add a security patch too (it concerns only the openssh versions compiled
> for kerberos ...)

Thanks. Yes I saw a notice about that security hole but didn't think it applied to Mandrake.

--
Regards // Oden Eriksson
