Continued Use of Insecure Default Parameters #12135
Comments
Hi, Thanks for the report. We would be happy to review and accept a PR with a fix for this. I guess that for DSA we can use 2048 as the default. Can you please suggest what other parts need to be updated? Thanks! |
Sure, I'll prepare a small PR to update the DSA key length shortly. |
Just to calibrate on the severity of this issue, |
Also ssh-keygen(1) says "DSA keys must be exactly 1024 bits as specified by FIPS 186-2". |
Sounds like a good solution. |
I would suggest that the most sensible approach here with least burden to the community would be not to change the default DSA key length (which I suspect might cause interoperability issues) but to figure out a plan to deprecate DSA keys, just as OpenSSH is doing. This shouldn't be an abrupt removal, per the Twisted compatibility policy, but I think it would make sense to at least begin adding deprecation warnings to the DSA bits in Conch. |
I would explain that my concerns are partly based on NIST SP 800-57, where it says:
|
Since you mention it, I should bring up that we have been deprecating stuff in Conch in fairly useless and annoying ways thus far, and we need to both (A) clean that up, and (B) take care to only actually emit deprecation warnings to useful places when you actually use stuff. Consider that
This doesn't help anyone; I didn't ask for any of those algorithms and I shouldn't be seeing ugly warnings just for launching conch itself. Similarly if you start the server, the warnings just go to stderr of Fixing this is certainly out of scope for this particular issue, but we should not make this problem worse if we can avoid it. |
Hi authors, I've noticed that some files, like this one, still use insecure default values such as 1024-bit DSA keys and MD5 hashing.
These are not recommended by modern cryptographic standards due to security concerns.
Are there plans to update to more secure alternatives?
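An added example, not part of the original issue or of Twisted's code: a small audit that reads OpenSSH-style public key lines, decodes the RFC 4253 key blob, and reports keys whose modulus is below a threshold, which is how a 1024-bit DSA key like the default discussed here would show up in an `authorized_keys` review. It goes beyond the thread by also sizing `ssh-rsa` keys; the 2048-bit threshold, the function names and the sample lines are assumptions made for illustration, and lines are assumed to have the form `type base64 [comment]` with no leading options.

```python
import base64
import struct

MIN_BITS = 2048  # assumption: the size proposed in the thread as a new default
# RFC 4253 blob layout: (number of fields, index of the modulus field)
LAYOUT = {"ssh-dss": (5, 1), "ssh-rsa": (3, 2)}  # name,p,q,g,y / name,e,n

def _fields(blob):
    """Split a key blob into its 4-byte-length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        (size,) = struct.unpack(">I", blob[pos:pos + 4])  # struct.error if truncated
        if pos + 4 + size > len(blob):
            raise ValueError("field runs past end of blob")
        out.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return out

def key_bits(line):
    """Return (key_type, modulus_bits); bits is None for types not sized here."""
    key_type, b64 = line.split()[:2]
    if key_type not in LAYOUT:
        return key_type, None
    fields = _fields(base64.b64decode(b64, validate=True))
    count, index = LAYOUT[key_type]
    if len(fields) != count or fields[0] != key_type.encode():
        raise ValueError("blob does not match declared key type")
    return key_type, int.from_bytes(fields[index], "big").bit_length()

def weak_keys(lines):
    """Return [(line_number, key_type, bits)] for keys below MIN_BITS."""
    sized = ((n, *key_bits(l)) for n, l in enumerate(lines, 1))
    return [(n, t, b) for n, t, b in sized if b is not None and b < MIN_BITS]

def _line(key_type, *ints):
    """Build a constructed sample line: name string followed by mpints."""
    parts = [key_type.encode()] + [i.to_bytes((i.bit_length() + 8) // 8, "big") for i in ints]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed"

# Constructed sample blobs: correct wire layout, but not usable keys.
SAMPLE = [
    _line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
    _line("ssh-rsa", 65537, (1 << 2047) | 1),
]
```

Calling `weak_keys(SAMPLE)` flags only the first line, the 1024-bit `ssh-dss` entry.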