Date: Mon, 25 Jun 2012 12:09:08 -0400
From: "J. Hellenthal" <jhellenthal@dataix.net>
To: RW <rwmaillists@googlemail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID: <20120625160908.GA85086@DataIX.net>
In-Reply-To: <20120625023104.2a0c7627@gumby.homeunix.com>
References: <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com>
 <86zk7sxvc3.fsf@ds4.des.no>
 <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com>
 <20120625023104.2a0c7627@gumby.homeunix.com>

On Mon, Jun 25, 2012 at 02:31:04AM +0100, RW wrote:
> On Sun, 24 Jun 2012 17:23:47 -0400
> Robert Simmons wrote:
>
> > On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav <des@des.no>
> > wrote:
> > > Robert Simmons <rsimmons0@gmail.com> writes:
> > >> In light of advances in processors and GPUs, what is the potential
> > >> for duplication of RSA, DSA, and ECDSA keys at the current default
> > >> key lengths (2048, 1024, and 256 respectively)?
> > >
> > > You do know that these keys are used only for authentication, and
> > > not for encryption, right?
> >
> > Yes, the encryption key length is determined by which symmetric cipher
> > is negotiated between the client and server based on what is available
> > from the Ciphers line in sshd_config and ssh_config.
>
> I'm not very familiar with ssh, but surely they're also used for
> session-key exchange, which makes them crucial to encryption. They
> should be as secure as the strongest symmetric cipher they need to work
> with.

This should give you a good outline of it.

http://www.linuxjournal.com/article/9566

-- 

 - (2^(N-1))