Date: Sun, 24 Jun 2012 15:21:23 -0400
From: "J. Hellenthal"
To: Garrett Wollman
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length

On Sun, Jun 24, 2012 at 03:14:51PM -0400, Garrett Wollman wrote:
> < said:
>
> > 2048 is well more than efficient. Speaking solely for RSA in that matter.
>
> I asked R. about that a few months back, and he expressed the view
> that 2,048 bits is the *minimum* RSA key size anyone should consider
> using at this point. I'm willing to take his word for it.
>

I agree. It's said that 2048 should be sufficient till at least 2030 ...
we have a long time to go unless said quantum computing comes to be
generally available to the public. I'd like to think that by then most
people that consider security seriously will already be changing to a
different sized key.

--

 - (2^(N-1))