fix(login): raise RSA SSH host key default to 4096 bits#194
Closed
giuliocalzo wants to merge 1 commit into
Closed
Conversation
The keypair generator defaulted RSA keys to 1024 bits, which is below modern security baselines and was being used for login pod SSH host keys via BuildLoginSshHostKeys. Introduce a DefaultRsaBitLength constant set to 4096 bits and pin it explicitly at the login-secret call site so the secure length is documented at both layers and cannot silently regress.
giuliocalzo
requested review from
SkylerMalinowski,
alanmutsch,
catblade,
vivian-hafener and
wickberg
as code owners
vivian-hafener
removed request for
SkylerMalinowski,
alanmutsch,
catblade and
wickberg
Contributor
|
Merged: 8ecab27 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
crypto.NewKeyPairdefaulted RSA keys to 1024 bits, andBuildLoginSshHostKeyswas relying on that default to generate the login pod's RSA SSH host key. 1024-bit RSA is below modern security baselines (NIST SP 800-57 recommends 3072 bits for keys remaining secure past 2030).crypto.DefaultRsaBitLength = 4096and uses it as the new default inNewKeyPair.crypto.WithRsaLength(crypto.DefaultRsaBitLength)) so the secure length is documented at both layers and won't silently regress if the default ever changes.Test plan
go test ./internal/utils/crypto/... ./internal/builder/loginbuilder/...passes locally (existingTestNewKeyPaircases cover RSA default,WithRsaLength(4096), and the rejectedWithRsaLength(256)insecure-length case).LoginSet, exec into the resulting Secret, and confirmssh-keygen -lf ssh_host_rsa_keyreports 4096 bits.