Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Sat Oct 15, 2022 17:16 Post subject:
@egc
Kudos to you egc... ssh key generator would make our lives much easier...
@the-joker
sometimes I get this message (when GUI goes black-white):
Code:
Failed to load resource: net::ERR_SOCKET_NOT_CONNECTED (http://192.168.1.1/style/cyan/style.css)
explenation is this:
Code:
Audit usage of navigator.userAgent, navigator.appVersion, and navigator.platform
A page or script is accessing at least one of navigator.userAgent, navigator.appVersion, and naviga
or.platform. Starting in Chrome 101, the amount of information available in the User Agent string
will be reduced.
To fix this issue, replace the usage of navigator.userAgent, navigator.appVersion, and navigator.pl
tform with feature detection, progressive enhancement, or migrate to navigator.userAgentData.
Note that for performance reasons, only the first access to one of the properties is shown.
I don't know nothing about coding, and don't know of this is helpfull at all but just wanted to report it... I use google chrome Version 106.0.5249.119 (Official Build) (64-bit) on Linux 5.18 kernel...
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Sat Oct 15, 2022 17:26 Post subject:
Mile-Lile wrote:
@egc
Kudos to you egc... ssh key generator would make our lives much easier...
@the-joker
sometimes I get this message (when GUI goes black-white):
Code:
Failed to load resource: net::ERR_SOCKET_NOT_CONNECTED (http://192.168.1.1/style/cyan/style.css)
explenation is this:
Code:
Audit usage of navigator.userAgent, navigator.appVersion, and navigator.platform
A page or script is accessing at least one of navigator.userAgent, navigator.appVersion, and naviga
or.platform. Starting in Chrome 101, the amount of information available in the User Agent string
will be reduced.
To fix this issue, replace the usage of navigator.userAgent, navigator.appVersion, and navigator.pl
tform with feature detection, progressive enhancement, or migrate to navigator.userAgentData.
Note that for performance reasons, only the first access to one of the properties is shown.
I don't know nothing about coding, and don't know of this is helpfull at all but just wanted to report it... I use google chrome Version 106.0.5249.119 (Official Build) (64-bit) on Linux 5.18 kernel...
Generating an ed25519 key pair takes 20ms on my Raspberry 4
Code:
time ssh-keygen -t ed25519 -f /tmp/test -N ""
Generating public/private ed25519 key pair.
Your identification has been saved in /tmp/test
Your public key has been saved in /tmp/test.pub
The key fingerprint is:
SHA256:q7A4y/MFCaRSOwM8DIwKgbbqNjX7kJpSJpimrI7JsG0 user@raspberry4
The key's randomart image is:
+--[ED25519 256]--+
|@.o |
|+@ . |
|* B |
|o. + . |
|o. o S |
|=.oo.. . |
|*+.o+ . . |
|*XEo.+ . |
|X**=+.. |
+----[SHA256]-----+
real 0m0.020s
user 0m0.008s
sys 0m0.012s
Nothing to see here - move along
I just wanted to say that the speed of even old routers would certainly not be a problem if you use something other than RSA.
even if the processor is 10x slower it would only be 200ms
yes I know !! is currently not available
but you can't mention it often enough - maybe the availability will change sometime in the future
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Sat Oct 15, 2022 19:22 Post subject:
egc wrote:
2048 is deemed unsafe nowadays, minimum of 3072 is recommended, that does not mean there can/should not be a choice this is just for testing
The defaults in dropbear need to be changed, then.
ho1Aetoo wrote:
Generating an ed25519 key pair takes 20ms on my Raspberry 4
------
I just wanted to say that the speed of even old routers would certainly not be a problem if you use something other than RSA.
even if the processor is 10x slower it would only be 200ms
yes I know !! is currently not available
but you can't mention it often enough - maybe the availability will change sometime in the future
1) ED25519 and no other options would still probably take space that would not be viable across the board for all supported devices. You would have to rip the heart out of DD-WRT to accommodate it, and that ain't happenin' most likely.
2) It's not about key generation time, it's about key authentication time, which ED25519 is supposed to be faster, right?
3) It's already been discussed that speed over security is still a talking point here and that RSA is still more tried and true.
egc said generating a RSA-4096 key takes 1-10min depending on the processor.
Generating an ed25519 key pair takes about 20-500ms with comparable key strength (RSA-4096 or RSA-3072).
And yes ed25519 is not only stronger in generating but also in authenticating, ed25519 is also immune against side channel attacks and against weak random number generators.
on the whole, ed25519 offer up to 100x better performance with comparable and better security
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Sat Oct 15, 2022 21:26 Post subject:
The big thing adopting ED25519 depends on here is what defaults are absolutely required to compile a 100% functional dropbear binary with current options (like SFTP). If we can default to only using ED25519 and no other ciphers, great. But you still have to make room for it across the board for all supported devices which include dropbear, which is a key factor. This is where people who can successfully compile firmware images would be key in putting a proposal together, because they might also know where fat can be trimmed to make room. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Thu Oct 20, 2022 16:48 Post subject:
Having any scripts in place now shows edit for all available script options. This wasn't like this before, it only showed command input box and whichever script was in place. Not sure when this was introduced as this is a remote device that gets updated once every month or two. TL-WR940Nv3.
Having any scripts in place now shows edit for all available script options. This wasn't like this before, it only showed command input box and whichever script was in place. Not sure when this was introduced as this is a remote device that gets updated once every month or two. TL-WR940Nv3.
EA8500 looky 'bout same AFAIK ...with the silly logout included these days
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Thu Oct 20, 2022 18:52 Post subject:
The problem being that there are no user-added shutdown, firewall, or custom scripts, but the text boxes and edit button are there for them. This may not affect all devices, and I only use browsers set to clear cache on exit and use private browsing mode. I only used Edge to get a web capture of the page after clearing it's cache. Forgot to get a screenshot of page source, etc. and I'm not driving to this device to get it, that'll have to wait until I am on site again. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net