OpenSSH 8.0 was released yesterday, one change being:
> * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
> following NIST Special Publication 800-57's guidance for a
> 128-bit equivalent symmetric security level.
This points to
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66
GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and
Debian-based distros) ship with 3072 as default.
I would be in favor of following OpenSSH and increasing the default RSA
key size to 3072 bits.
--
ilf
If you upload your address book to "the cloud", I don't want to be in it.
> * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
> following NIST Special Publication 800-57's guidance for a
> 128-bit equivalent symmetric security level.
This points to
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf#page=66
GnuPG 2.2.15 still has RSA 2048 as default, although Debian (and
Debian-based distros) ship with 3072 as default.
I would be in favor of following OpenSSH and increasing the default RSA
key size to 3072 bits.
--
ilf
If you upload your address book to "the cloud", I don't want to be in it.