From owner-freebsd-security  Thu Aug 29  8:31: 1 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B546937B401
	for <freebsd-security@FreeBSD.ORG>; Thu, 29 Aug 2002 08:30:56 -0700 (PDT)
Received: from mile.nevermind.kiev.ua (office.netstyle.com.ua [213.186.199.26])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 53E0643E77
	for <freebsd-security@FreeBSD.ORG>; Thu, 29 Aug 2002 08:30:46 -0700 (PDT)
	(envelope-from never@mile.nevermind.kiev.ua)
Received: from mile.nevermind.kiev.ua (never@localhost [127.0.0.1])
	by mile.nevermind.kiev.ua (8.12.3/8.12.3) with ESMTP id g7TFU7mA026389;
	Thu, 29 Aug 2002 18:30:08 +0300 (EEST)
	(envelope-from never@mile.nevermind.kiev.ua)
Received: (from never@localhost)
	by mile.nevermind.kiev.ua (8.12.3/8.12.3/Submit) id g7TFU741026388;
	Thu, 29 Aug 2002 18:30:07 +0300 (EEST)
Date: Thu, 29 Aug 2002 18:30:06 +0300
From: Alexandr Kovalenko <never@nevermind.kiev.ua>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: mipam@ibb.net, Matthias Buelow <mkb@mukappabeta.de>,
	Stefan Kr?ger <skrueger@europe.com>, freebsd-security@FreeBSD.ORG,
	tech-security@netbsd.org, misc@openbsd.org
Subject: Re: 1024 bit key considered insecure (sshd)
Message-ID: <20020829153006.GB26145@nevermind.kiev.ua>
References: <20020828200748.90964.qmail@mail.com> <3D6D3953.6090005@mukappabeta.de> <20020828224330.GE249@localhost> <87k7mamc2s.fsf@snark.piermont.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <87k7mamc2s.fsf@snark.piermont.com>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello, Perry E. Metzger!

On Thu, Aug 29, 2002 at 02:08:27AM -0400, you wrote:

> > > >and maybe we should update our rc scripts,
> > > >so that ssh-keygen generates at least 1280 Bit keys
> > > I think this is highly overrated and only of theoretical
> > > value for most *BSD users.
> > I dont think its too much overrated and theoretical.
> I do. If someone with millions of dollars to spend on custom designed
> hardware wants to break into your computer, I assure you that
> increasing the size of your ssh keys will not stop them. Nor, for that
> matter, would the slow and tedious process of cracking your ssh keys
> be nearly as efficient as the more pragmatic alternatives.
Much more simplier is to get physical access with those millions of
dollars.

-- 
NEVE-RIPE
Ukrainian FreeBSD User Group
http://uafug.org.ua/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message