[kwlug-disc] Stronger SSH keys and SSL certificates

Khalid Baheyeldin kb at 2bits.com
Mon Apr 21 18:14:24 EDT 2014

The NSA did backdoor certain things, for example the Elliptical Curve
Random Number Generator


The algorithm is in many libraries, such as OpenSSL, BSAFE (from RSA),
Microsoft and Cisco. Only BSAFE used it by default.

But that is the RNG, not a cipher.

So, again, what I am looking for is what options, besides more number of
bits, would be helpful in hardening certificates more than default settings.

For example, an SSL certificate for SoylentNews is:


I am mainly looking for for SSH keys, as well as SSL certificates.
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140421/415bf578/attachment.html>

More information about the kwlug-disc mailing list