Syncplify Developers' Blog

This is why you should use RSA host keys carefully...

...or just stop using them altogether.

Syncplify Devs
Nov 20, 2023

An extremely interesting research paper published in 2023 by Keegan Ryan, Kaiwen He, George A. Sullivan, and Nadia Heninger mathematically proves yet another weakness in RSA keys, which are often used as host keys by SSH/SFTP servers, and this time it has to do with the way they are generated.

Without delving into the math itself, which is not the purpose of this blog, we would like to take this occasion to advise our customers to use stronger keys, like ECDSA or Ed25519, instead of RSA for their host keys.

Now, Syncplify Server! does indeed test RSA keys for this kind of weakness, and potentially vulnerable keys are neither imported nor accepted upon generation. Yet time and time again RSA has proven to be on its way to becoming the weak link among host key algorithms, and it's only a matter of time until more weaknesses are discovered.

Although changing your SSH/SFTP server's host key is no easy feat (it requires you to warn your users and make sure they all discard the old key and accept the new one), it is still the recommended way to go at times. This is one such time.
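To plan such a change, it helps to know which servers still present an RSA host key. The following is an added example, not code from Syncplify or from the original post: it parses OpenSSH `known_hosts`-style lines, reads the RSA modulus size from the key blob, and marks RSA entries for migration. It inventories key types only and does not test for the weakness the paper describes; the host name, key bytes, helper names and verdict labels are constructed for illustration.

```python
import base64
import struct

# Key type names for the algorithms the post recommends instead of RSA.
PREFERRED = {"ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def read_string(buf, off):
    """Read one SSH wire 'string' (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit(lines):
    """Return (host, algorithm, rsa_modulus_bits_or_None, verdict) per known_hosts line."""
    report = []
    for line in lines:
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        if parts[0].startswith("@"):      # drop a leading marker such as @cert-authority
            parts = parts[1:]
        host, algo, b64 = parts[:3]
        blob = base64.b64decode(b64)
        name, off = read_string(blob, 0)
        if name.decode("ascii", "replace") != algo:
            raise ValueError(f"{host}: declared {algo} but blob says {name!r}")
        bits = None
        if algo == "ssh-rsa":             # blob layout: name, exponent e, modulus n
            _e, off = read_string(blob, off)
            n, off = read_string(blob, off)
            bits = int.from_bytes(n, "big").bit_length()
        verdict = "ok" if algo in PREFERRED else "migrate" if algo == "ssh-rsa" else "review"
        report.append((host, algo, bits, verdict))
    return report

def pack_fields(*fields):
    """Build a base64 key blob; used only to construct the sample entries below."""
    return base64.b64encode(b"".join(struct.pack(">I", len(f)) + f for f in fields)).decode()

# Constructed sample entries: host name and key bytes are made up, not real keys.
SAMPLE = [
    "sftp.example.test ssh-rsa " + pack_fields(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256),
    "sftp.example.test ssh-ed25519 " + pack_fields(b"ssh-ed25519", b"\x11" * 32),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```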

Starting from the next release, Syncplify Server! will generate only two keys (ECDSA and Ed25519) upon installation, and will allow you to generate or import an RSA key at a later time, if you so wish. This is yet another way for Syncplify to stay ahead of the curve and prevent foreseeable issues before they happen.

Always stay safe, and take care!

