Date: Thu, 29 Aug 2002 09:12:32 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: "Perry E. Metzger" <perry@piermont.com> Cc: mipam@ibb.net, Matthias Buelow <mkb@mukappabeta.de>, =?iso-8859-1?Q?Stefan_Kr=FCger?= <skrueger@europe.com>, freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org Subject: Re: 1024 bit key considered insecure (sshd) Message-ID: <20020829091232.A53344@mail.webmonster.de> In-Reply-To: <87k7mamc2s.fsf@snark.piermont.com>; from perry@piermont.com on Thu, Aug 29, 2002 at 02:08:27AM -0400 References: <20020828200748.90964.qmail@mail.com> <3D6D3953.6090005@mukappabeta.de> <20020828224330.GE249@localhost> <87k7mamc2s.fsf@snark.piermont.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--8t9RHnE3ZwKMSgU+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000: > I do. If someone with millions of dollars to spend on custom designed > hardware wants to break into your computer, I assure you that > increasing the size of your ssh keys will not stop them. Nor, for that you missed the concept behind crypto in general, i think. it's not about stopping someone from accessing private resources, but rather making that approach to make access to these resources /very/ unattractive, by increasing the amount of time (and thus $$$) an attacker has to effort to get access. > matter, would the slow and tedious process of cracking your ssh keys > be nearly as efficient as the more pragmatic alternatives. the slower, the better, as a direct consequence of my last paragraph. > That said, those running on newer hardware can probably reasonably use > larger keys if they wish. increasing the server's key width imposes a higher processing cost for the initial handshake. efficiency of the cipher used for transit encryption is not directly affected. regards, /k --=20 > Hackers know all the right MOVs. WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.= de/ GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6 REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46 REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44 My mail is GnuPG signed - Unsigned ones might be bogus - http://www.gnupg.o= rg/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --8t9RHnE3ZwKMSgU+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE9bclgs5Nr9N7JSKYRAl8AAJ9dhYWcjTJISSlHe6CcgtN260zwjACfcqMU 7hEFoxpqdhX75nCvqd8TgJY= =VVrX -----END PGP SIGNATURE----- --8t9RHnE3ZwKMSgU+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020829091232.A53344>