use ed25519 keys instead of rsa keys #362
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RSA keys are outdated. Even by using larger 4096 keys maybe it's best to move away from rsa keys altogether. This PR updates the document to suggest using ed25519 keys which, at this time, defaults to a 16 round key deviation function. It may be useful to suggest more rounds for the KDF but that's for a different PR. --timball
|
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
|
Thanks for opening a PR 👍 Please fill out the pull request template and we'll get this up for review! |
Is the pull request template the same as filing a bug report? If not where do I find the template? Please and thank you. --timball |
|
👋 @timball The pull request template is the information in the original comment at the top of this pull request (the |
Okay! filled it out and editted the request template! --timball |
|
Thanks @timball I'll get this triaged for review! |
janiceilene
added
content
|
@timball - Many thanks. The change looks like a good one. I just want to run this by our security folks here at GitHub then I'll merge this. The same thing crops up elsewhere in the docs, so we'll get those changed too. Thanks again. 👍 |
|
The reason for the docs as they are is because, at least at the time they were last updated, having the default docs use |
|
Ha..I just checked the repo for docs before we open-sourced it and I had already dug around a bit and assessed that it was 👍 to update the docs to ed25519. The issue just hadn't gotten prioritized to make the actual docs change yet. 👍 from me. |
janiceilene
added
the
hacktoberfest-accepted
hubwriter
reviewed
Oct 28, 2020
...t/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md
Show resolved
Hide resolved
10 tasks
|
I've raised an issue to get another couple of topics updated likewise: #876 |
|
This PR is ready to merge. |
4 tasks
|
Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. |
4 tasks
This was referenced Jan 16, 2022
jnidzwetzki
pushed a commit
to jnidzwetzki/docs
that referenced
this pull request
Oct 6, 2022
Co-authored-by: Jacob Prall <prall.jacob@gmail.com>
jnidzwetzki
pushed a commit
to jnidzwetzki/docs
that referenced
this pull request
Oct 6, 2022
* initial setup * remove update search index for now * major overhaul - links to console and new portal not changed * index page for mst * mst-multi-node * finish mst section content * convert forge links * General edits for wording, etc. (github#381) * update (github#386) * Add command to install timescaledb-tools (github#364) * Fix missing semi-colon (github#363) Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Remove 'repeatable' isolation level from multinode docs (github#361) Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Fix bad path (github#360) * add leading slash * Add version * typo Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Update install instructions (github#359) * Update install instructions * Change postgres to timescaledb repo * Add sudo * Remove extra whitespace * Update to correct key * Edits per feedback * Add step to install postgres repo * Apply suggestions from code review Co-authored-by: Cam Hutchison <35285934+camscale@users.noreply.github.com> Co-authored-by: Cam Hutchison <35285934+camscale@users.noreply.github.com> Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Fix/link checker error (github#370) * add absolute path to links * add slash * Fix incorrect sql query (github#362) Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Add the toolkit as a pre-req to the tutorial. (github#306) * Add the toolkit as a pre-req to the tutorial. * Fix link in admon * Point to correct URL * fix link Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Fix/link checker error (github#374) * add absolute path to links * add slash * add base url * add new to ignore * Fix/link checker error (github#376) * add absolute path to links * add slash * add base url * add new to ignore * add scheme * Document the differences between time_bucket() and time_bucket_ng() (github#354) Document the differences between time_bucket() and time_bucket_ng() Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update install instructions (github#379) * Update install instructions * Update timescaledb/how-to-guides/install-timescaledb/installation-apt-debian.md Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Add metadata for tutorials (github#380) * Add metadata for tutorials * Update page-index.js typo correction Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * Update page-index.js Co-authored-by: Lana Brindley <github@lanabrindley.com> Co-authored-by: Cam Hutchison <35285934+camscale@users.noreply.github.com> Co-authored-by: Aleksander Alekseev <mail@eax.me> * change to cloud * cloud * Update time_bucket_ng.md (github#417) * Update cloud/cloud-multi-node.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update cloud/create-a-service.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update mst/create-a-service.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update timescaledb/tutorials/setting-up-mst-for-prometheus.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update timescaledb/tutorials/setting-up-mst-for-prometheus.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update timescaledb/tutorials/setting-up-mst-for-prometheus.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update timescaledb/tutorials/setting-up-mst-for-prometheus.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update timescaledb/tutorials/setting-up-mst-for-prometheus.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update cloud/create-a-service.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update time_bucket_ng.md * Update cloud/create-a-service.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * update portal managed * Feature/timescale license comparison (github#453) * added timescale license comparison * edit title * update * Make sure window functions are listed as unsupported (github#393) Co-authored-by: Jacob Prall <prall.jacob@gmail.com> * update link (github#420) * update (github#422) * Fix/update link checker (github#424) * update * don't check if starts with / * add excludes (github#426) * Fix/linkchecker (github#428) * add excludes * update * Fix/linkchecker (github#430) * add excludes * update * update * Fix/linkchecker (github#432) * add excludes * update * update * comment out link checker * Fix/link checker again (github#433) * try to include link checker * reinstate index rebuild on merge * tweak yaml * remove link detector * tweak curl * remove link checker * remove search index from deploy * tweak update search * update search index * change name of action * stop search index for now * ignore search update * remove update search index * Add .NET C# quick start tutorial (github#412) * Add C# dotnet quickstart * Update dotnet.md Fixing steps to have numbers, a few heading formatting issues, and changing the "step" text above each method. * Apply suggestions from code review Applying most changes. I want to verify that auto numbering will work across code sections before accepting those. Co-authored-by: Lana Brindley <github@lanabrindley.com> * Apply suggestions from code review Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update dotnet.md Co-authored-by: Ryan Booz <ryan@timescale.com> Co-authored-by: Lana Brindley <github@lanabrindley.com> * update copy * update copy * add edition * Fix typo in JSON docs (github#441) Co-authored-by: Tadas Malinauskas <tadas.malinauskas@oxylabs.io> * Clarify behavior when deleting a data node (github#406) * Clarify behavior when deleting a data node When deleting a data node, the database (including its data) on the data node is left intact. This sometimes confuses users and this change clarifies this behavior and adds explanations for why this behavior exists. * Update api/delete_data_node.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update api/delete_data_node.md Co-authored-by: Lana Brindley <github@lanabrindley.com> * Apply suggestions from code review minor copy edits Co-authored-by: Lana Brindley <github@lanabrindley.com> Co-authored-by: Jacob Prall <prall.jacob@gmail.com> Co-authored-by: Lana Brindley <github@lanabrindley.com> * Update README.md add newLabel to page-index read me * Add link to developer docs on GH (github#438) * Add link to developer docs on GH * Add link to developer docs on install page * remove new item Co-authored-by: Lana Brindley <github@lanabrindley.com> Co-authored-by: Jônatas Davi Paganini <jonatasdp@gmail.com> Co-authored-by: Ryan Booz <ryan@timescale.com> Co-authored-by: Tadas Malinauskas <Taadas@users.noreply.github.com> Co-authored-by: Tadas Malinauskas <tadas.malinauskas@oxylabs.io> Co-authored-by: Erik Nordström <819732+erimatnor@users.noreply.github.com> * Update timescaledb-license-comparison.md * update timescale table * add terms of service links * update * add terms of service links * Update timescaledb-license-comparison.md * Update timescaledb-license-comparison.md Co-authored-by: Lana Brindley <github@lanabrindley.com> Co-authored-by: Cam Hutchison <35285934+camscale@users.noreply.github.com> Co-authored-by: Aleksander Alekseev <mail@eax.me> Co-authored-by: Jônatas Davi Paganini <jonatasdp@gmail.com> Co-authored-by: Ryan Booz <ryan@timescale.com> Co-authored-by: Tadas Malinauskas <Taadas@users.noreply.github.com> Co-authored-by: Tadas Malinauskas <tadas.malinauskas@oxylabs.io> Co-authored-by: Erik Nordström <819732+erimatnor@users.noreply.github.com>
docs-bot
added a commit
that referenced
this pull request
Oct 9, 2024
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
RSA keys are outdated. This PR updates the document to suggest using ed25519 which, at this time, defaults to a 16 round key deviation function. It may be useful to suggest more rounds for the KDF, but that's for a different PR.
--timball
Why:
This Change is to encourage people to use a more sound cryptographic algorithm to generate their ssh keys.
Currently, the docs recommend 'ssh-keygen' and the RSA algorithm with 4096 bit keys. This is better than the
ssh-keygendefault of 3072 bit keys. Also, this paper suggests that about 1 in thousand RSA moduli were not cryptographically sound. Last but not least, the RSA algorithm at 1024 bits (or less) is considered unsafe by NIST. We should not encourage the use of an old algorithm that is often used in an unsafe way.This change proposes that Github recommend using the more modern, and safer, ed25519 key algorithm rather than RSA.
What's being changed:
The original ssh-keygen flags
-t rsa -b 4096specifying the use of the rsa algorithm with a key 4096 bits long are replaced with-t ed25519which specifies using the ed25519 algorithm.Check off the following: