From owner-freebsd-security Wed Aug 28 13:58: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB28F37B400 for ; Wed, 28 Aug 2002 13:57:57 -0700 (PDT) Received: from reiher.informatik.uni-wuerzburg.de (wi4d22.informatik.uni-wuerzburg.de [132.187.101.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 299F743E6A for ; Wed, 28 Aug 2002 13:57:57 -0700 (PDT) (envelope-from mkb@mukappabeta.de) Received: from mukappabeta.de (localhost [127.0.0.1]) by reiher.informatik.uni-wuerzburg.de (Postfix) with ESMTP id 958D1B204; Wed, 28 Aug 2002 22:57:55 +0200 (CEST) Message-ID: <3D6D3953.6090005@mukappabeta.de> Date: Wed, 28 Aug 2002 22:57:55 +0200 From: Matthias Buelow User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020607 X-Accept-Language: de, en, en-us, fr MIME-Version: 1.0 To: =?ISO-8859-1?Q?Stefan_Kr=FCger?= Cc: freebsd-security@FreeBSD.org, tech-security@NetBSD.org, misc@openbsd.org Subject: Re: 1024 bit key considered insecure (sshd) References: <20020828200748.90964.qmail@mail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Stefan Krüger wrote: > Hi folks, > > I've just read: > > http://www.counterpane.com/crypto-gram-0204.html#3 and > http://online.securityfocus.com/archive/1/263924 > > and maybe we should update our rc scripts, > so that ssh-keygen generates at least 1280 Bit keys I think this is highly overrated and only of theoretical value for most *BSD users. It would be ok to document, for some paranoid users which fall for the hype but then please leave it at that. Some of us run NetBSD on old hardware and don't want to be crippled by excessive default values with little or no practical impact. --mkb To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message