From: Robert Simmons
To: freebsd-security@freebsd.org
Date: Sun, 24 Jun 2012 13:26:21 -0400
Subject: Re: Add rc.conf variables to control host key length
In-Reply-To: <20120624165920.GA85913@DataIX.net>

On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal wrote:
> These are more than sufficient for any normal ssh use.

I'm sorry if I sound rude, but I wanted to have a bit more of a substantive discussion than quoting the man pages. Especially since what you are quoting dates back to a change to src/crypto/openssh/ssh-keygen.1 dated the following:

Sun Sep 11 16:50:35 2005 UTC (6 years, 9 months ago) by des

Being that the old "considered sufficient" of 1024 was added at the following revision date:

Thu Feb 24 14:29:46 2000 UTC (12 years, 4 months ago) by markm

I would say that we are exactly due for a real discussion as to what should be considered sufficient with regards to modern processors and GPUs.