Introduce a crate feature to allow <1024 bit RSA keys #336

Open
Eugeny opened this issue Feb 24, 2025 · 3 comments

@Eugeny
Contributor

Eugeny commented Feb 24, 2025

There are still tons of legacy devices (in particular network switches) out there that use 1024-bit RSA keys. The ssh-key crate should provide an escape hatch that lets the consumer make these security decisions themselves.

I'll make a PR shortly

Eugeny added a commit to Eugeny/RustCrypto-SSH that referenced this issue Feb 24, 2025
@tarcieri
Member

We're discussing enforcing a minimum modulus of 1024 bits in the rsa crate itself: RustCrypto/RSA#445

@Eugeny
Contributor Author

Eugeny commented Feb 28, 2025

rsa itself having a feature for that would be a nicer solution I guess? ssh-key could then just forward it.

The only issue I see is that any crate in a workspace could "poison" the rsa crate by enabling that feature for the entire workspace.

For my use case personally, I'd be fine with rsa just having a 1024 bit minimum hardcoded (that would be the same that OpenSSH already has)

@tarcieri
Member

Yeah, I don't think it makes sense to remove the key size check entirely. 1024 bits should be the hard floor.
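
An added illustration of the policy discussed in this thread, not code from ssh-key, rsa, or any participant: the minimum is chosen per call at runtime, so one caller's choice cannot affect another crate, and no request can go below the 1024-bit floor. All names are hypothetical and the 2048-bit default is an assumption of this sketch.

```rust
// Added illustration; every name below is hypothetical, not the ssh-key or rsa API.
const HARD_FLOOR_BITS: usize = 1024; // floor named in the thread
const DEFAULT_MIN_BITS: usize = 2048; // assumed default for this sketch

#[derive(Debug, PartialEq)]
enum KeyCheck { Accepted(usize), TooSmall { bits: usize, min: usize }, Malformed }

// Read one length-prefixed field (RFC 4251 string/mpint) and advance the cursor.
fn take<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let cur: &'a [u8] = *buf;
    let h = cur.get(..4)?;
    let len = u32::from_be_bytes([h[0], h[1], h[2], h[3]]) as usize;
    let field = cur.get(4..4 + len)?;
    *buf = &cur[4 + len..];
    Some(field)
}
// Bit length of a big-endian mpint, ignoring the leading zero sign byte.
fn bit_len(m: &[u8]) -> usize {
    m.iter().position(|&b| b != 0)
        .map_or(0, |i| (m.len() - i) * 8 - m[i].leading_zeros() as usize)
}
// "ssh-rsa" public key blob layout: string "ssh-rsa", mpint e, mpint n.
fn modulus_bits(mut blob: &[u8]) -> Option<usize> {
    if take(&mut blob)? != &b"ssh-rsa"[..] { return None; }
    let _e = take(&mut blob)?;
    Some(bit_len(take(&mut blob)?))
}

// The caller may lower the default, but never below the hard floor.
fn check_rsa_blob(blob: &[u8], requested_min: Option<usize>) -> KeyCheck {
    let min = requested_min.unwrap_or(DEFAULT_MIN_BITS).max(HARD_FLOOR_BITS);
    match modulus_bits(blob) {
        None => KeyCheck::Malformed,
        Some(bits) if bits < min => KeyCheck::TooSmall { bits, min },
        Some(bits) => KeyCheck::Accepted(bits),
    }
}

// Constructed sample blob (not a real key): e = 65537, modulus of `bits` one-bits.
fn sample_blob(bits: usize) -> Vec<u8> {
    let n = [vec![0u8], vec![0xff; bits / 8]].concat(); // leading sign byte
    let mut out = Vec::new();
    for field in [&b"ssh-rsa"[..], &[1u8, 0, 1][..], &n[..]].iter() {
        out.extend_from_slice(&(field.len() as u32).to_be_bytes());
        out.extend_from_slice(field);
    }
    out
}

fn main() {
    println!("{:?}", check_rsa_blob(&sample_blob(768), Some(512)));
}
```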
