OpenSSH is about to change. (For the better.)

Ademir@lemmy.eco.br to

Linux@lemmy.ml – 275 points – 10 months ago

OpenSSH is about to change. (For the better.)

youtu.be

OpenSSH's ssh-keygen command just got a great upgrade.

New video from @vkc@mspsocial.net

Edit:

She has a peertube channel: !veronicaexplains@tinkerbetter.tube and it federatess as a Lemmy Community

The Peertube video in Lemmy.ml: https://lemmy.ml/post/8842820

Link to the video in your instance.

You are viewing a single comment

View all comments Show the parent comment

Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still doesn't support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).

You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

Strange enough TLS 1.3 still doesn't support signed ed25519 certificates :| P‐256, NIST P‐384 or NIST P‐521 curves are known to be "backdoored" or having deliberately chosen mathematical weakness. I'm not an expert and just a noob security/selfhoster enthusiast but I don't want to depend on curves made by NSA or other spy agencies !

I also wondering if the EU isn't going to implement something similar with all their new spying laws currently discussed...

AFAIK, they're not known to be backdoored, only suspected

Yeah wrong wording, but the fact that we have to depend mostly on NSA's cryptographic schemes makes it very suspicious !