[kwlug-disc] Stronger SSH keys and SSL certificates

Khalid Baheyeldin kb at 2bits.com
Mon Apr 21 18:14:24 EDT 2014


The NSA did backdoor certain things, for example the Elliptical Curve
Random Number Generator

https://en.wikipedia.org/wiki/Dual_EC_DRBG

The algorithm is in many libraries, such as OpenSSL, BSAFE (from RSA),
Microsoft and Cisco. Only BSAFE used it by default.

But that is the RNG, not a cipher.

So, again, what I am looking for is what options, besides a larger number of
bits, would be helpful in hardening certificates more than the default settings.

For example, an SSL certificate for SoylentNews is:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

http://soylentnews.org/comments.pl?sid=993&cid=24444

I am mainly looking for SSH keys, as well as SSL certificates.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
"For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken