[kwlug-disc] Stronger SSH keys and SSL certificates
Khalid Baheyeldin
kb at 2bits.com
Mon Apr 21 18:14:24 EDT 2014
The NSA did backdoor certain things, for example the Elliptical Curve
Random Number Generator
https://en.wikipedia.org/wiki/Dual_EC_DRBG
The algorithm is in many libraries, such as OpenSSL, BSAFE (from RSA),
Microsoft and Cisco. Only BSAFE used it by default.
But that is the RNG, not a cipher.
So, again, what I am looking for is what options, besides a larger number of
bits, would be helpful in hardening certificates more than default settings.
For example, an SSL certificate for SoylentNews is:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
http://soylentnews.org/comments.pl?sid=993&cid=24444
I am mainly looking for SSH keys, as well as SSL certificates.
--
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
"For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken