Module Name: src
Committed By: riastradh
Date: Mon Jun 5 11:59:13 UTC 2023
Modified Files:
src/etc/rc.d: sshd
Log Message:
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.
The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
even the advantage of the Mersenne prime structure of P-521 can't
compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
more widespread.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/etc/rc.d/sshd
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/rc.d/sshd
diff -u src/etc/rc.d/sshd:1.34 src/etc/rc.d/sshd:1.35
--- src/etc/rc.d/sshd:1.34 Mon Jun 5 11:51:19 2023
+++ src/etc/rc.d/sshd Mon Jun 5 11:59:12 2023
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: sshd,v 1.34 2023/06/05 11:51:19 riastradh Exp $
+# $NetBSD: sshd,v 1.35 2023/06/05 11:59:12 riastradh Exp $
#
# PROVIDE: sshd
@@ -61,7 +61,7 @@ sshd_keygen()
printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
new_key_created=true
done << _EOF
-ecdsa 521 ssh_host_ecdsa_key
+ecdsa -1 ssh_host_ecdsa_key
ed25519 -1 ssh_host_ed25519_key
rsa 0 ssh_host_rsa_key
_EOF
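Review bot: The `-1` now used in the size column of the `ecdsa` line is an undocumented sentinel. Nothing in the visible lines says that it selects the ssh-keygen default, or how it differs from the `0` on the `rsa` line. A short comment next to the `<< _EOF` table stating what `-1` and `0` mean, and that the ECDSA default is NIST P-256 as the log message says, would keep the rationale beside the value so that a later reader does not take the missing explicit size for an oversight.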