Module Name: src
Committed By: riastradh
Date: Mon Jun 5 11:59:13 UTC 2023

Modified Files:
    src/etc/rc.d: sshd

Log Message:
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.

The default is NIST P-256, which:

(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that even the advantage of the Mersenne prime structure of P-521 can't compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's more widespread.

To generate a diff of this commit:
    cvs rdiff -u -r1.34 -r1.35 src/etc/rc.d/sshd

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/etc/rc.d/sshd diff -u src/etc/rc.d/sshd:1.34 src/etc/rc.d/sshd:1.35 --- src/etc/rc.d/sshd:1.34 Mon Jun 5 11:51:19 2023 +++ src/etc/rc.d/sshd Mon Jun 5 11:59:12 2023 @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: sshd,v 1.34 2023/06/05 11:51:19 riastradh Exp $ +# $NetBSD: sshd,v 1.35 2023/06/05 11:59:12 riastradh Exp $ # # PROVIDE: sshd @@ -61,7 +61,7 @@ sshd_keygen() printf "ssh-keygen: " && "${keygen}" -f "${f}" -l new_key_created=true done << _EOF -ecdsa 521 ssh_host_ecdsa_key +ecdsa -1 ssh_host_ecdsa_key ed25519 -1 ssh_host_ed25519_key rsa 0 ssh_host_rsa_key _EOF
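Review bot: In the second hunk (sshd_keygen, the here-document rows), the new "ecdsa -1 ssh_host_ecdsa_key" row swaps an explicit size for the -1 sentinel, so the script no longer states which curve the ECDSA host key uses; the result now follows whatever ssh-keygen's default is, which the log message says is P-256. Nothing in the visible lines documents what -1 in the second column means or how it differs from the 0 on the rsa row. Suggest a short comment above the here-document describing the second column, including the -1 and 0 values, and, if the intent is specifically P-256 rather than tracking the default, writing 256 in the ecdsa row so the choice is pinned and readable in the script. It would also help for the log message to say whether hosts that already have a P-521 ssh_host_ecdsa_key keep it, since the hunk does not show the condition under which keygen runs.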