Warning Produced for 2048-bit RSA Host Key

[thecliguy]

I ran the current master branch of ssh-audit against an SSH server with a 2048-bit RSA Host Key and this is now flagged as follows: [warn] 2048-bit modulus only provides 112-bits of symmetric strength.

Is there a credible/authoritative reference that can be cited to backup ssh-audit's position that 2048-bit is considered inadequate? If so, can it be referred to as a comment in the output?

It's very difficult to persuade a server admin and/or an SSH software developer to make improvements without being able to provide a credible reference to justify it.

[jtesta]

Page 54 of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf says that 2048-bit RSA and DH moduli are equivalent to 112 bits. Page 59 says that 2048-bit moduli is "disallowed/legacy" starting in 2031. And generally, 128 bits has been considered to be the minimum for strong security for quite some time. I would imagine there are more references floating around regarding 112-bit security, but that seems like enough for me to flag it as a warning now. The web front-end has been flagging it as a warning for the last 5.5 years, FYI. I've put in a lot of time hunting down references to include in the web front-end results. Its crossed my mind more than once that they should somehow be integrated into the command-line tool's output. I've hesitated about it because its a lot of data (full references and links to PDFs) and I'm not sure how to best present it to the user in the terminal. One way is to put them in as notes attached to the algorithms in question (these would wrap many lines and cause a visually-cluttered mess). The other way is to add a separate References section, like the web front-end does (but this makes it a bit harder to see what algorithm matches with which reference(s).

[thecliguy]

Thanks for providing that reference, much appreciated.

We've discussed integrating references into the CLI output before, in fact there's an open issue (#107) which I should have worked on by now... I'll revisit this idea and try to make some progress...