Linux

48008 readers

1591 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

275

OpenSSH is about to change. (For the better.) (youtu.be)

submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]

40 comments fedilink hide all child comments

OpenSSH's ssh-keygen command just got a great upgrade.

New video from @[email protected]

Edit:

She has a peertube channel: [email protected] and it federatess as a Lemmy Community

The Peertube video in Lemmy.ml: https://lemmy.ml/post/8842820

Link to the video in your instance.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 39 points 11 months ago (16 children)

i don't think I've created an RSA key since 2017

[–] [email protected] 19 points 11 months ago (9 children)

A surprising amount of services (including Azure last I tried) can only handle RSA keys, so after trying ecdsa only for a while I ended up adding a RSA key again.

With that said - it's 2023, in almost all cases you should have your keys in a hardware module nowadays, in which case you'd use a different command for keygeneration.

[–] [email protected] 10 points 11 months ago* (last edited 11 months ago) (1 children)

Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still doesn't support TLS 1.3 (e. g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e. g. startpage.com).

You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

[–] [email protected] 3 points 11 months ago (1 children)

Strange enough TLS 1.3 still doesn't support signed ed25519 certificates :| P‐256, NIST P‐384 or NIST P‐521 curves are known to be "backdoored" or having deliberately chosen mathematical weakness. I'm not an expert and just a noob security/selfhoster enthusiast but I don't want to depend on curves made by NSA or other spy agencies !

I also wondering if the EU isn't going to implement something similar with all their new spying laws currently discussed...

[–] [email protected] 3 points 11 months ago (1 children)

AFAIK, they're not known to be backdoored, only suspected

[–] [email protected] 2 points 11 months ago

Yeah wrong wording, but the fact that we have to depend mostly on NSA's cryptographic schemes makes it very suspicious !

load more comments (7 replies)

load more comments (13 replies)