From owner-freebsd-security Wed Aug 28 13:43:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A0DE37B400 for ; Wed, 28 Aug 2002 13:43:19 -0700 (PDT) Received: from pd2mo3so.prod.shaw.ca (h24-71-223-10.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6220943E4A for ; Wed, 28 Aug 2002 13:43:18 -0700 (PDT) (envelope-from Colin_Percival@sfu.ca) Received: from pd5mr2so.prod.shaw.ca (pd5mr2so-qfe3.prod.shaw.ca [10.0.141.233]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H1K0069CMW5WL@l-daemon> for freebsd-security@FreeBSD.ORG; Wed, 28 Aug 2002 14:43:17 -0600 (MDT) Received: from pn2ml6so.prod.shaw.ca (pn2ml6so-qfe0.prod.shaw.ca [10.0.121.150]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H1K00EF5MW6ES@l-daemon> for freebsd-security@FreeBSD.ORG; Wed, 28 Aug 2002 14:43:18 -0600 (MDT) Received: from piii600.sfu.ca (h24-79-84-133.vc.shawcable.net [24.79.84.133]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H1K0087OMW5D1@l-daemon> for freebsd-security@FreeBSD.ORG; Wed, 28 Aug 2002 14:43:18 -0600 (MDT) Date: Wed, 28 Aug 2002 13:42:48 -0700 From: Colin Percival Subject: Re: 1024 bit key considered insecure (sshd) In-reply-to: <20020828232624.A9280@c7.campus.utcluj.ro> X-Sender: cperciva@popserver.sfu.ca To: veedee@c7.campus.utcluj.ro Cc: freebsd-security@FreeBSD.ORG Message-id: <5.0.2.1.1.20020828132755.0284b2a8@popserver.sfu.ca> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT References: <20020828200748.90964.qmail@mail.com> <20020828200748.90964.qmail@mail.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 23:26 28/08/2002 +0300, veedee@c7.campus.utcluj.ro wrote: >Just out of curiosity, can anyone with access to a gigabit network run some >tests and tell us the difference between using several different keys? Like >1024, 1280, 2048, 4096. >I'm curious if a bigger key really slows down the operation as Bruce Schneier >implies ("Doubling the key size roughly corresponds to a six-times speed >slowdown >in software"). It does slow things down to that extent (assuming O(n^1.585) multiplication, which is typical), for the asymmetric encryption operations. Once the connection is set up, symmetric encryption is used. Moving from 1024 bits up to 4096 bits would, on a typical machine, cause the connection setup to take half a second instead of a hundredth of a second, but beyond that there would be no difference. When I brought this up earlier (http://groups.google.com/groups?threadm=5.0.2.1.1.20020326024955.02392830%40popserver.sfu.ca) there was a concern about breaking v1 clients using the RSAREF library. Colin Percival To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message