wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-11 11:47:08 +02:00
Code Issues Projects Releases Wiki Activity

cloud-pre.yml: use 4096 bits for ssh rsa key (#14674)

Browse source 
The ssh-key we generated used 2048 bits while even openssh's ssh-keygen defaults to 3072 nowadays [0].

While RSA-2048 is probably ok (?) and what NIST recommends for keys until around 2030, its probably better to switch to more bits.

This is also just a temporary solution as we should also switch to ed25519.

Thanks to Dan M (@dmur1 or dan@hexarcana.ch) for pointing this out.

[0] 19d3ee2f3a/ssh-keygen.c (L83)
This commit is contained in:
Disconnect3d 2023-12-12 17:05:13 +01:00 committed by GitHub
parent 67aa5fe881
commit c9352a1801
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
playbooks/cloud-pre.yml
View file

@ -32,7 +32,7 @@
- name: Generate the SSH private key - name: Generate the SSH private key
openssl_privatekey: openssl_privatekey:
path: "{{ SSH_keys.private }}" path: "{{ SSH_keys.private }}"
size: 2048 size: 4096
mode: "0600" mode: "0600"
type: RSA type: RSA