Date: Wed, 28 Aug 2002 13:42:48 -0700
From: Colin Percival <Colin_Percival@sfu.ca>
To: veedee@c7.campus.utcluj.ro
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: 1024 bit key considered insecure (sshd)
Message-ID: <5.0.2.1.1.20020828132755.0284b2a8@popserver.sfu.ca>
In-Reply-To: <20020828232624.A9280@c7.campus.utcluj.ro>
References: <20020828200748.90964.qmail@mail.com> <20020828200748.90964.qmail@mail.com>

At 23:26 28/08/2002 +0300, veedee@c7.campus.utcluj.ro wrote:
>Just out of curiosity, can anyone with access to a gigabit network run some
>tests and tell us the difference between using several different keys? Like
>1024, 1280, 2048, 4096.
>I'm curious if a bigger key really slows down the operation as Bruce Schneier
>implies ("Doubling the key size roughly corresponds to a six-times speed slowdown
>in software").

It does slow things down to that extent (assuming O(n^1.585) multiplication, which is typical), for the asymmetric encryption operations. Once the connection is set up, symmetric encryption is used. Moving from 1024 bits up to 4096 bits would, on a typical machine, cause the connection setup to take half a second instead of a hundredth of a second, but beyond that there would be no difference.

When I brought this up earlier (http://groups.google.com/groups?threadm=5.0.2.1.1.20020326024955.02392830%40popserver.sfu.ca) there was a concern about breaking v1 clients using the RSAREF library.

Colin Percival

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
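
Where the "six-times" figure in the message above comes from, as an added example that is not part of the original e-mail: a word-multiplication count for one private-key exponentiation with Karatsuba (O(n^1.585)) multiplication. The function names, the 32-bit limb size and the cost model (plain square-and-multiply with an exponent as long as the modulus, modular reduction and CRT ignored because they change the constant and not the ratio) are assumptions.

```python
import random

LIMB_BITS = 32  # assumed machine word size


def karatsuba(x, y, limbs, counter):
    """Return x*y for operands of `limbs` words, counting word multiplies."""
    if limbs == 1:
        counter[0] += 1  # one hardware multiply (carry bits idealized)
        return x * y
    half = limbs // 2
    shift = LIMB_BITS * half
    mask = (1 << shift) - 1
    x0, x1 = x & mask, x >> shift
    y0, y1 = y & mask, y >> shift
    lo = karatsuba(x0, y0, half, counter)
    hi = karatsuba(x1, y1, limbs - half, counter)
    # Karatsuba's trick: the cross term costs one recursive product, not two.
    mid = karatsuba(x0 + x1, y0 + y1, limbs - half, counter) - lo - hi
    return (hi << (2 * shift)) + (mid << shift) + lo


def word_mults_per_multiply(bits):
    """Word multiplies for one bits-by-bits product (operands are constructed)."""
    rng = random.Random(0)
    a, b = rng.getrandbits(bits), rng.getrandbits(bits)
    counter = [0]
    assert karatsuba(a, b, bits // LIMB_BITS, counter) == a * b
    return counter[0]


def private_op_cost(bits):
    """Model: `bits` squarings plus about bits/2 multiplies, each one product."""
    return (bits + bits // 2) * word_mults_per_multiply(bits)


def slowdown(small_bits, large_bits):
    """Cost ratio of one private-key operation at two modulus sizes."""
    return private_op_cost(large_bits) / private_op_cost(small_bits)


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, private_op_cost(bits), slowdown(1024, bits))
```

Doubling the modulus doubles the number of multiplications and triples the cost of each, which gives the factor of six; going from 1024 to 4096 bits gives 36 in this model, the same order as the half-second versus hundredth-of-a-second estimate in the message.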