@zhenech what, why? context?
@cloonix I have an ED25519 ssh key, the moment I enable FIPS on CentOS Stream 9 I can't log in with that key anymore.
@zhenech Oof. So maybe that’s also the reason why Azure DevOops won’t support those keys? Still RSA only like it's 2005.
@zhenech
Well, ED25519 isn't NIST, so that would make sense (no point in having a security standard if you're going to allow using algorithms that aren't part of said standard).
I suspect using ECDSA with one of the NIST curves works? P-384 is pretty good too, and not suspect like Dual_EC_DRBG always was, even before Snowden confirmed it was compromised.
@cloonix
@wouter
It does make sense, in a way, sure.
Just creates more headaches for me.
The code at hand only does ed25519 and rsa (don't ask) and only generates *one* of them. As ed25519 is supported when FIPS is disabled, it ends up creating an ed25519 key during initial deployment, I flip FIPS to enabled and boom.