Announcement

Collapse
No announcement yet.

Fedora 33 Looking To Further Tighten Its Crypto Settings

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • skeevy420
    replied
    I hope that also means they'll get on to encrypting /boot with Silverblue installs. An unlocked bootloader is a very large hole in the security of the system, especially laptops and other portable systems.

    Don't know about y'all, but I'd prefer unlocking my bootloader that will then unlock my root and home drives (the system) either via password pass-through or keyfiles over having an unlocked bootloader and having to unlock the system manually. I can create my own units and whatnot for my own drives, but I'd like the core OS, we'll call that all the drives setup in Anaconda, to have some secure automagic by default outside of the very initial password prompt...3+ password prompts every boot gets old fast so a desktop OS needs a blend of security and automagic convenience.

    Leave a comment:


  • horizonbrave
    replied
    thank you

    Leave a comment:


  • zxy_thf
    replied
    They should do it earlier. My organization has required to disable sha-1 in sshd_config for quite a few years, and I have to edit cryptopolicies to achieve this.
    (FUTURE doesn't work as well because it breaks a number of websites)

    Update; oh Gee could they drop all SHA-1 from their default policies? It's still there in MACs.

    Leave a comment:


  • phoronix
    started a topic Fedora 33 Looking To Further Tighten Its Crypto Settings

    Fedora 33 Looking To Further Tighten Its Crypto Settings

    Phoronix: Fedora 33 Looking To Further Tighten Its Crypto Settings

    For the Fedora 33 release later this year, Red Hat is looking at further enhancing and strengthening the cryptography settings/configuration of the OS...

    http://www.phoronix.com/scan.php?pag...Tighter-Crypto
Working...
X