Announcement

Collapse
No announcement yet.

Fedora 33 Looking To Further Tighten Its Crypto Settings

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora 33 Looking To Further Tighten Its Crypto Settings

    Phoronix: Fedora 33 Looking To Further Tighten Its Crypto Settings

    For the Fedora 33 release later this year, Red Hat is looking at further enhancing and strengthening the cryptography settings/configuration of the OS...

    http://www.phoronix.com/scan.php?pag...Tighter-Crypto

  • #2
    They should do it earlier. My organization has required to disable sha-1 in sshd_config for quite a few years, and I have to edit cryptopolicies to achieve this.
    (FUTURE doesn't work as well because it breaks a number of websites)

    Update; oh Gee could they drop all SHA-1 from their default policies? It's still there in MACs.

    Comment


    • #3
      thank you

      Comment


      • #4
        I hope that also means they'll get on to encrypting /boot with Silverblue installs. An unlocked bootloader is a very large hole in the security of the system, especially laptops and other portable systems.

        Don't know about y'all, but I'd prefer unlocking my bootloader that will then unlock my root and home drives (the system) either via password pass-through or keyfiles over having an unlocked bootloader and having to unlock the system manually. I can create my own units and whatnot for my own drives, but I'd like the core OS, we'll call that all the drives setup in Anaconda, to have some secure automagic by default outside of the very initial password prompt...3+ password prompts every boot gets old fast so a desktop OS needs a blend of security and automagic convenience.

        Comment

        Working...
        X