=== lukedashjr is now known as luke-jr
[08:50] could we use ed25519 keys now on launchpad?
[08:54] (and staging?)
[09:08] also, does launchpad plan to offer ed25519 host keys, sarnold?
[09:08] to be added here > https://help.launchpad.net/SSHFingerprints only rsa shown
[10:55] gevreeen: sarnold isn't on the Launchpad team. Yes, you can use Ed25519 keys. No immediate plans to offer Ed25519 host keys - that's relatively minor by comparison with sorting out user keys
[10:56] And RSA isn't broken if you're using it with SHA-2 signatures, so it isn't a pressing security concern
[10:57] (don't get me wrong, sarnold is very helpful, it's just not fair to ask him about plans that he can't really be in a position to know)
[11:29] ah, it was him last time who promised oncoming ed25519 support while denying such to ed448. sorry for bothering both of you on the matter
[12:19] I think he was just relaying stuff I'd said
[12:20] I don't mind being bothered about it, just wanted to make sure you were bothering the right person :)
[15:16] cjwatson: I just took a look at the section of windows registry documenting my putty config, which essentially gives KEX as "ecdh,rsa,WARN,dh-gex-sha1,dh-group14-sha1,dh-group1-sha1"
[15:17] maybe I should talk to putty devs instead, but offering ed25519 (or perhaps ed448/nistp521) as a side option does help (gitlab and github already offer ed25519 hostkey)
[16:14] "WARN" is an interesting key exchange algorithm. :)
[16:14] tomreyn: anything to the right of WARN will generate a warning dialog in putty
[16:15] dare not remove then for fear of breaking the program
[16:15] i see, didn't know how putty works there.
[16:15] s/then/them/
[16:39] I could agree that it's a bit of a problem that the only supported host keys on git.launchpad.net provide less than 128 bits of security.
[16:40] using a >= 3072-bit modulus would help there
[16:40] other than that, rsa is still fine.
[16:42] (though it's usually good to support more than a single non-weak host key type, kex algorithm, cipher and mac)