Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Jun 2012 13:26:21 -0400
From:      Robert Simmons <rsimmons0@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Add rc.conf variables to control host key length
Message-ID:  <CA%2BQLa9C04d3fkk6r2apLti4vn%2BJ8_fai--qK2yQobmXD%2BbdTww@mail.gmail.com>
In-Reply-To: <20120624165920.GA85913@DataIX.net>
References:  <CA%2BQLa9CX26xEwRsz3g6FvBBbbFE0Gfw%2BUR6_RHYOXgZFcgCw5w@mail.gmail.com> <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net> <20120624165920.GA85913@DataIX.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal <jhellenthal@dataix.net> wrote:
> These are more then sufficient for any normal ssh use.

I'm sorry if I sound rude, but I wanted to have a bit more of a
substantive discussion than quoting the man pages.  Especially since
what you are quoting dates back to a change to
src/crypto/openssh/ssh-keygen.1 dated the following:
Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des

Being that the old "considered sufficient" of 1024 was added at the
following revision date:
Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm

I would say that we are exactly due for a real discussion as to what
should be considered sufficient with regards to modern processors and
GPUs.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9C04d3fkk6r2apLti4vn%2BJ8_fai--qK2yQobmXD%2BbdTww>