To: mipam@ibb.net
Cc: Matthias Buelow, Stefan Krüger, freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org
Subject: Re: 1024 bit key considered insecure (sshd)
From: "Perry E. Metzger"
Date: 29 Aug 2002 02:08:27 -0400
Message-ID: <87k7mamc2s.fsf@snark.piermont.com>

Mipam writes:
> On Wed, Aug 28, 2002 at 10:57:55PM +0200, Matthias Buelow wrote:
> > >and maybe we should update our rc scripts,
> > >so that ssh-keygen generates at least 1280 Bit keys
> >
> > I think this is highly overrated and only of theoretical
> > value for most *BSD users.
>
> I don't think it's too much overrated and theoretical.

I do. If someone with millions of dollars to spend on custom designed
hardware wants to break into your computer, I assure you that
increasing the size of your ssh keys will not stop them. Nor, for that
matter, would the slow and tedious process of cracking your ssh keys
be nearly as efficient as the more pragmatic alternatives.

That said, those running on newer hardware can probably reasonably use
larger keys if they wish.

--
Perry E. Metzger		perry@piermont.com
--
"Ask not what your country can force other people to do for you..."