Date: Tue, 26 Mar 2002 03:47:49 -0600 (CST)
From: Mike Silbersack
To: Colin Percival
Cc: freebsd-security@freebsd.org
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
In-Reply-To: <5.0.2.1.1.20020326024955.02392830@popserver.sfu.ca>
Message-ID: <20020326034234.Q10197-100000@patrocles.silby.com>

On Tue, 26 Mar 2002, Colin Percival wrote:

> Is there any other reason for not changing the default key size?
>
> Colin Percival

Versions of ssh which use RSAREF (those compiled before the patent ended, basically) can't handle keys over 1024 bits in length, IIRC. Hence, you'd have to be very careful when bumping up the size of sshv1 keys on a system which may have old clients connecting.

However, I think it _would_ be safe to bump up the sshv1 session key from 768 to the largest possible key < 1024 bits in the default options. (I would say 1024 bits, but I believe that there's also some stipulation that host key length != session key length.)
Mike "Silby" Silbersack