From owner-freebsd-security  Wed Aug 28 13:58: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CB28F37B400
	for <freebsd-security@FreeBSD.org>; Wed, 28 Aug 2002 13:57:57 -0700 (PDT)
Received: from reiher.informatik.uni-wuerzburg.de (wi4d22.informatik.uni-wuerzburg.de [132.187.101.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 299F743E6A
	for <freebsd-security@FreeBSD.org>; Wed, 28 Aug 2002 13:57:57 -0700 (PDT)
	(envelope-from mkb@mukappabeta.de)
Received: from mukappabeta.de (localhost [127.0.0.1])
	by reiher.informatik.uni-wuerzburg.de (Postfix) with ESMTP
	id 958D1B204; Wed, 28 Aug 2002 22:57:55 +0200 (CEST)
Message-ID: <3D6D3953.6090005@mukappabeta.de>
Date: Wed, 28 Aug 2002 22:57:55 +0200
From: Matthias Buelow <mkb@mukappabeta.de>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020607
X-Accept-Language: de, en, en-us, fr
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Stefan_Kr=FCger?= <skrueger@europe.com>
Cc: freebsd-security@FreeBSD.org, tech-security@NetBSD.org,
	misc@openbsd.org
Subject: Re: 1024 bit key considered insecure (sshd)
References: <20020828200748.90964.qmail@mail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Stefan Krüger wrote:
> Hi folks,
> 
> I've just read:
> 
> http://www.counterpane.com/crypto-gram-0204.html#3 and
> http://online.securityfocus.com/archive/1/263924
> 
> and maybe we should update our rc scripts,
> so that ssh-keygen generates at least 1280 Bit keys

I think this is highly overrated and only of theoretical
value for most *BSD users.  It would be ok to document,
for some paranoid users which fall for the hype but then
please leave it at that.  Some of us run NetBSD on old
hardware and don't want to be crippled by excessive
default values with little or no practical impact.

--mkb



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message