Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ecdsa-sha2-nistp<256/384/521>
See original GitHub issue@jtesta , ssh-audit 2.4.0 returns the following for host key algorithms ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521:
# host-key algorithms
(key) ecdsa-sha2-nistp521 -- [fail] using weak elliptic curves
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ecdsa-sha2-nistp384 -- [fail] using weak elliptic curves
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
Would it be possible to update the [fail] message to include a citation to a credible source that backs up the claim of using weak elliptic curves?
I’ve seen that you presented on the topic of Problems With Elliptic Curves In TLS and SSH at Rochester Security Summit (RSS) 2017.
Perhaps ssh-audit could cite your presentation?
Issue Analytics
- State:
- Created 2 years ago
- Comments:13 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yep, that looks good.
When verbose mode is enabled, the JSON output should include the references as well.
I think it would make more sense to include it along the error:
As you could have multiple references:
Although I guess you could use the same format for adding references in a new sublevel: