[cfarm-users] Is RSA really insecure?
Gregor Riepl
onitake at gmail.com
Thu Dec 14 03:30:55 CET 2023
> This is a pet peeve of mine: unless you have a citation for an actual
> viable attack on RSA as used in SSH, or perhaps on the protocol SSH uses
> for RSA-based authentication, this is *not* insecure at all and those
> changed defaults indicate that either OpenSSH or your distribution is
> doing something stupid.
Not disagreeing with you here, but the ssh-rsa host key deprecation
actually has nothing to do with RSA.
It's because it relies on SHA-1, and SHA-1 is known to be broken.
See the details here: https://www.openssh.com/txt/release-8.2
More information about the cfarm-users
mailing list