[SSH] Added key size selection #1608
base: master
Thank you for this follow-up. Nice work, it works well.
I just have a few remarks below.
In general what do you think about setting the initial value to the recommended size of 4kBi for RSA and 3kBi for DSA and just allow lowering the value?
Are higher values possible for RSA too? If yes, I think we should also make that possible.
Additionally, please make sure that you have formatted all new lines according to the formatter settings (unfortunately the existing code does not adhere to them). E.g. there should be a space before and after an equals sign.
@@ -89,6 +89,7 @@ CVSSSH2PreferencePage_144=Key Exchange &Methods | |||
CVSSSH2PreferencePage_145=MA&C Methods | |||
CVSSSH2PreferencePage_146=&SSH Agent | |||
CVSSSH2PreferencePage_147=Select preferred SSH Agent | |||
CVSSSH2PreferencePage_148=Key Size to Generate: |
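Review bot: the new string CVSSSH2PreferencePage_148 does not state a unit, so "Key Size to Generate:" leaves it open whether the spinner value is in bits or bytes. Suggest putting the unit in the label, for example "Key size (bits):". The neighbouring entries 144 to 146 also define an & mnemonic; consider adding one here so the spinner is reachable from the keyboard.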
Let's keep it simple here:
CVSSSH2PreferencePage_148=Key Size to Generate: | |
CVSSSH2PreferencePage_148=Key size: |
@@ -101,6 +108,7 @@ public class PreferencePage extends org.eclipse.jface.preference.PreferencePage | |||
private Button ssh2HomeBrowse; | |||
Button keyGenerateDSA; | |||
Button keyGenerateRSA; | |||
private Spinner keyGenerateSize; |
Better name it keySizeValue or just keySize, but then you have to rename the existing local variable with the same name to keySizeValue or alike, or you just inline keySize.getSelection()
private Spinner keyGenerateSize; | |
private Spinner keySizeValue; |
keyGenerateSize.addKeyListener(new KeyAdapter() { | ||
@Override | ||
public void keyPressed(KeyEvent e) { | ||
e.doit = false; | ||
} | ||
}); |
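Review bot: the listener added to keyGenerateSize sets e.doit = false for every key press, which filters typing but does not validate the value, and it may also stop keyboard users from stepping the spinner at all. Suggest constraining the Spinner with setMinimum, setMaximum and setIncrement, and checking getSelection() against the allowed sizes at the point where the key is generated, so the size actually used never depends on this listener.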
This can be simplified using KeyListener.keyPressedAdapter()
keyGenerateSize.addKeyListener(new KeyAdapter() { | |
@Override | |
public void keyPressed(KeyEvent e) { | |
e.doit = false; | |
} | |
}); | |
keySizeValue.addKeyListener(KeyListener.keyPressedAdapter(e -> e.doit = false)); |
if (keyGenerateSize.getSelection()>DSA_KEY_SIZE) | ||
keyGenerateSize.setSelection(DSA_KEY_SIZE); |
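Review bot: the clamp at keyGenerateSize.setSelection(DSA_KEY_SIZE) only corrects the current value; nothing in these lines lowers the spinner's maximum, so unless that happens elsewhere the selection can be raised above DSA_KEY_SIZE again after this check has run. Suggest calling setMaximum(DSA_KEY_SIZE) in the same branch and restoring the RSA maximum when RSA is selected. Since the constant is used as an upper bound, a name such as DSA_MAX_KEY_SIZE would read more clearly.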
Please always use braces:
if (keyGenerateSize.getSelection()>DSA_KEY_SIZE) | |
keyGenerateSize.setSelection(DSA_KEY_SIZE); | |
if (keyGenerateSize.getSelection()>DSA_KEY_SIZE) { | |
keyGenerateSize.setSelection(DSA_KEY_SIZE); | |
} |
3fe39fe to ec8253a
I think this is a good idea as it initially sets it to a more secure key size than 2048 bits for developers to acknowledge. I changed the initial value to 4096 bits.
I have fixed the formatting. Thank you for the clarification.
Higher values for RSA are possible. The current RSA algorithm does not seem to have a limit for the max key size it can generate. However, the main drawbacks with generating larger RSA key lengths include CPU overhead and performance issues. As you generate a larger key length, CPU runtime increases dramatically. A high-end computer could easily generate larger keys, but I would not recommend it for low-end computers. Because of the overhead and performance, it is best to recommend using ECC encryption for keys larger than 4096 bits since it provides an equivalent level of encryption strength as RSA with smaller key sizes and faster performance. For example, an ECC key size of 512 bits is equivalent to an RSA key size of 15360 bits. I am not sure how implementing ECC would work, but it is only a thought I think would improve performance in generating keys. I changed the max RSA key size you can generate to 15360 bits as it is equivalent to 256 security bits (really strong in security encryption); generally, higher than 15360 bits is not recommended for the sake of runtime.
This implementation allows selecting the size of the generated key, ranging from 2048-15360 bits, incremented by 1024 bits. (DSA has a max limit of 3072 bits)
ec8253a to 5a92d31
This implementation allows selecting the size of the generated key, ranging from 2048-4096 bits, using a Spinner that increments by 1024 bits. (DSA is limited to 3072 bits)
Refer to #1464