[cfarm-users] Is RSA really insecure? (was: account email address)

[Peter Gutmann]

Jacob Bachmeyer via cfarm-users <cfarm-users at lists.tetaneutral.net> writes:

>This is a pet peeve of mine:  unless you have a citation for an actual viable
>attack on RSA as used in SSH, or perhaps on the protocol SSH uses for RSA-
>based authentication, this is *not* insecure at all and those changed
>defaults indicate that either OpenSSH or your distribution is doing something
>stupid.

Yup.  As some security guy once said, the security industry has more in common
with the fashion industry than the computer industry (or something like that
[*]). TLS did the same, they universally disabled DH keyex because of a minor
implementation flaw that affected somethng like 0.01% of implementations and
so people fell back to RSA keyex, which has serious security vulns that have
been known for at least two decades.

Go ahead and use RSA auth, it's at least as secure (or insecure) as any of the
others.

Peter.

[*] A slightly different quote from Linus Torvalds which says more or less the
same thing is "the *discussion* on security seems to never get down to real
numbers. So the difference between them is simple: one [networking] is 'hard
science'. The other one is 'people wanking around with their opinions'".