Why we’re upgrading to 4096-bit RSA keys and how it impacts you

To enhance your data security, we’re upgrading our server encryption from 1024-bit to 4096-bit RSA keys. This change strengthens our infrastructure against modern threats, keeps your data safer for the long haul, and ensures we meet industry standards. 

But what exactly does this change mean for you? 

The move to 4096-bit RSA keys is driven by the increasing computational power that threatens outdated encryption systems. The 1024-bit keys, while secure in the past, can now be cracked by attackers using advanced techniques.

3 reasons the upgrade matters

  1. Stronger security
    The 4096-bit RSA keys offer exponentially more security, protecting against brute-force attacks and reducing vulnerabilities.
  2. Compliance
    Security standards like PCI DSS, GDPR, and HIPAA recommend the use of stronger encryption keys. By upgrading, we shield your data from potential threats.
  3. Future-proofing
    With technology advancing rapidly, including the rise of quantum computing, the 1024-bit keys will become obsolete. The 4096-bit keys provide a long-term solution, making your data secure for years to come.

How the change impacts you

If you’re an EasyWP customer, you might notice a warning when you access your files via SFTP after the upgrade. This is normal, as your system detects the new encryption key and flags the change.

For example, you may see this warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Don’t worry, this is to be expected. It simply means your device still has the old key stored, and it needs to be updated.

Fixing the host key warning

If you’re using FileZilla, the solution is easy. You’ll be prompted to accept the new key automatically. Simply select the checkbox “Update cached key for this host” and hit “OK”.

If you prefer using the terminal for SFTP connections, you’ll need to manually remove the old key. The exact command shown in the error message depends on your setup, such as where your known_hosts file is stored.

Here is an example error message:

user@DESKTOP-5VUD0UN:~$ sftp [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/user/.ssh/known_hosts:142
  remove with:
  ssh-keygen -f "/home/user/.ssh/known_hosts" -R "fs-aurora.easywp.website"
RSA host key for fs-aurora.easywp.website has changed and you have requested strict checking.
Host key verification failed.
Connection closed.
Connection closed

In the above instance, you would use the following command:

ssh-keygen -f "/home/user/.ssh/known_hosts" -R "fs-aurora.easywp.website"
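
The same warning also appears when a connection is being intercepted, so the new key can be checked against a fingerprint obtained from a trusted channel before the old entry is replaced. The following is an added example, not EasyWP's code: it parses a host key line in the `host type base64` format printed by `ssh-keyscan`, reads the RSA modulus size, and computes the OpenSSH-style SHA256 fingerprint. The sample keys are constructed, and the expected fingerprint is assumed to come from the provider.

```python
import base64
import hashlib
import hmac
import struct

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set.
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def make_sample_line(host, bits):
    # CONSTRUCTED test input: a well-formed blob with a made-up modulus, not a real key.
    n = (1 << (bits - 1)) | 1
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

def inspect_host_key(line):
    """Return (host, key_type, rsa_bits, fingerprint) for 'host type base64' input."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        if off + 4 + length > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if not fields or fields[0].decode("ascii", "replace") != key_type:
        raise ValueError("key type label does not match the blob")
    bits = None
    if key_type == "ssh-rsa" and len(fields) == 3:
        bits = int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return host, key_type, bits, fingerprint

def safe_to_trust(line, expected_host, expected_fp, min_bits=4096):
    """True only if host, key size and out-of-band fingerprint all check out."""
    host, key_type, bits, fp = inspect_host_key(line)
    return (host == expected_host and bits is not None and bits >= min_bits
            and hmac.compare_digest(fp.encode(), expected_fp.encode()))

if __name__ == "__main__":
    new = make_sample_line("fs-aurora.easywp.website", 4096)
    print(inspect_host_key(new)[1:])
```
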

Need help? Contact our Support Team

The transition to 4096-bit RSA keys means our security measures keep pace with evolving threats. While the change may prompt a one-time fix, it’s a small step to safeguard your data.

If you have any questions or need help, please reach out to our Customer Support team. 
