Mailinglist Archive: heroes (40 mails)

Re: [heroes] gitlab and SSH keys

On 30.06.2018 at 15:44, Christian Boltz wrote:

some days ago, Theo told me that he upgraded mickey (our gitlab VM) to
Leap 15.

This has the side effect that "old" dsa SSH keys (pubkey starting with
"ssh-dss") no longer work. The symptom is that "git pull" will ask for a

maybe it's time to recommend the following stuff to you:

DSA keys must be exactly 1024 bits so let’s disable that. Number 2 here
involves NIST suckage and should be disabled as well. Another important
disadvantage of DSA and ECDSA is that they use randomness for each
signature. If the random numbers are not the best quality, then it is
possible to recover the secret key. Fortunately, RSA using SHA1 is not a
problem here because the value being signed is actually a SHA2 hash. The
hash function SHA1(SHA2(x)) is just as secure as SHA2 (it has fewer bits
of course but no better attacks).



Thorsten Bro <tbro@xxxxxxxxxxxx>
- Member of openSUSE Heroes -
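
An added example, not part of the original mail or of any openSUSE tooling: a small Python audit that reads `authorized_keys`-style lines, decodes the SSH wire-format blob, and flags the "ssh-dss" keys that stopped working after the upgrade as well as the ECDSA keys the reply advises against. The names `audit_line`, `_mk` and `SAMPLE` are hypothetical, and the sample keys are constructed, not real.

```python
import base64, re, struct

KEY_RE = re.compile(r"(?:^|\s)((?:sk-)?(?:ssh|ecdsa)-[a-z0-9@.-]+)\s+(AAAA[A-Za-z0-9+/]+=*)")

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def audit_line(line):
    """Return (key_type, bits, verdict) for one authorized_keys line, else None."""
    m = None if line.lstrip().startswith("#") else KEY_RE.search(line)
    if not m:
        return None  # comment, blank line, or no recognisable key
    ktype = m.group(1)
    try:
        fields = _fields(base64.b64decode(m.group(2), validate=True))
    except ValueError:  # binascii.Error is a ValueError
        return (ktype, None, "unparseable")
    if not fields or fields[0] != ktype.encode():
        return (ktype, None, "type/blob mismatch")
    bits = None
    if ktype == "ssh-rsa" and len(fields) >= 3:
        bits = int.from_bytes(fields[2], "big").bit_length()  # modulus n
    elif ktype == "ssh-dss" and len(fields) >= 2:
        bits = int.from_bytes(fields[1], "big").bit_length()  # prime p
    if ktype == "ssh-dss":
        return (ktype, bits, "replace")  # rejected after the upgrade described above
    if ktype.startswith("ecdsa-"):
        return (ktype, bits, "review")   # the reply above advises against ECDSA
    return (ktype, bits, "ok")

def _mk(ktype, *parts):
    """Build a constructed (not real) key line; ints become SSH mpints."""
    raw = [ktype.encode()] + [p if isinstance(p, bytes) else
                              p.to_bytes(p.bit_length() // 8 + 1, "big") for p in parts]
    blob = b"".join(struct.pack(">I", len(r)) + r for r in raw)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE = [  # constructed input, not real keys
    "# old laptop",
    _mk("ssh-dss", (1 << 1023) | 1, 3, 5, 7),
    'command="/bin/true",no-pty ' + _mk("ssh-rsa", 65537, (1 << 2047) | 1),
    _mk("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(64)),
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry))
```

Checking that the type named in the text matches the type inside the blob catches lines where only the leading keyword was edited by hand.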