From: "Dewayne Geraghty"
To: "'Robert Simmons'"
Cc: freebsd-security@freebsd.org
Date: Mon, 25 Jun 2012 17:03:53 +1000
Subject: RE: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

> And as a flip side to the argument, is there a reason not to
> raise the default to 4096? Certainly the same advances in
> processors make this size key quite usable. I've seen no
> noticeable slowness with 4096 bit RSA or 521 bit ECDSA.

Robert,

A good question and it's good to check underlying assumptions from time to time.

Identifying a host using keys of greater than 2048 bits (RSA) adds little to the objective of ensuring that the host that you are intending to talk to is who it purports to be. Taking a loose analogue, most secure websites use a certificate of 2048 bits, but these have the dual purpose of identifying the server and negotiating a symmetric cipher. This isn't the case for an ssh host key, which only identifies the host before commencing the next asymmetric (account key) handshake.

According to http://www.secg.org/download/aid-780/sec1-v2.pdf ECC 256 is roughly equivalent to RSA 3072 bits; the current bit sizes (RSA 2048) are supposed to be good until at least 2030. Though I don't know if this takes into account the US Air Force's recent SGI machine with 73,728 Xeon processors and 1.47 petabytes of memory. :)

It's arguable that the ecdsa key size should be 224 bits, based on the previous pdf reference, but I digress :)

When the server that you're connecting to is previously unknown to you, the next best piece of information is a DNS sshfp resource record (ssh public key fingerprint) as a source of verification. And this is only 16 bytes.

Regards,
Dewayne
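
As an added example (not part of the original message): a Python sketch that derives the SSHFP resource records for a host key and checks a key presented by a server against one of them, using the SHA-1 and SHA-256 fingerprint types from RFC 4255 and RFC 6594. The host name `host.example.` and both sample keys are constructed placeholders, not real keys.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
            "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
            "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1 (20 bytes), 2 = SHA-256 (32 bytes).
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey(line: str):
    """Return (key_type, blob) from an OpenSSH public key line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The type named inside the blob must agree with the label on the line.
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type label does not match key blob")
    return key_type, blob

def sshfp_records(host: str, line: str):
    """Build the SSHFP records to publish in DNS for one host key."""
    key_type, blob = parse_pubkey(line)
    alg = KEY_ALGS[key_type]
    return [f"{host} IN SSHFP {alg} {fpt} {h(blob).hexdigest()}"
            for fpt, h in sorted(FP_TYPES.items())]

def matches_sshfp(line: str, record: str) -> bool:
    """Check the key a server presented against one SSHFP record."""
    key_type, blob = parse_pubkey(line)
    alg, fpt, fp_hex = record.split()[-3:]
    if int(alg) != KEY_ALGS[key_type] or int(fpt) not in FP_TYPES:
        return False
    digest = FP_TYPES[int(fpt)](blob).digest()
    return hmac.compare_digest(digest, bytes.fromhex(fp_hex))

def sample_key(modulus: bytes) -> str:
    """Constructed ssh-rsa line with made-up numbers (not a usable key)."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

SAMPLE_KEY = sample_key(b"\x00\xc3\x5b\x11")
OTHER_KEY = sample_key(b"\x00\xc3\x5b\x13")   # what an impostor host would present

if __name__ == "__main__":
    for rr in sshfp_records("host.example.", SAMPLE_KEY):
        print(rr, matches_sshfp(SAMPLE_KEY, rr), matches_sshfp(OTHER_KEY, rr))
```

The records are only as trustworthy as the DNS answer that carries them, so a client should rely on them only when the zone is DNSSEC-signed and validated.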