Date: Thu, 29 Aug 2002 02:35:08 -0700 From: David Schultz <dschultz@uclink.Berkeley.EDU> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: "Perry E. Metzger" <perry@piermont.com>, mipam@ibb.net, Matthias Buelow <mkb@mukappabeta.de>, "Stefan =?us-ascii:iso-8859-1?Q?Kr=FCger?=" <skrueger@europe.com>, freebsd-security@FreeBSD.ORG, tech-security@netbsd.org, misc@openbsd.org Subject: Re: 1024 bit key considered insecure (sshd) Message-ID: <20020829093508.GB58871@HAL9000.homeunix.com> In-Reply-To: <20020829091232.A53344@mail.webmonster.de> References: <20020828200748.90964.qmail@mail.com> <3D6D3953.6090005@mukappabeta.de> <20020828224330.GE249@localhost> <87k7mamc2s.fsf@snark.piermont.com> <20020829091232.A53344@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Karsten W. Rohrbach <karsten@rohrbach.de>: > Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000: > > I do. If someone with millions of dollars to spend on custom designed > > hardware wants to break into your computer, I assure you that > > increasing the size of your ssh keys will not stop them. Nor, for that > > you missed the concept behind crypto in general, i think. it's not about > stopping someone from accessing private resources, but rather making > that approach to make access to these resources /very/ unattractive, by > increasing the amount of time (and thus $$$) an attacker has to effort > to get access. I believe his point is that increasing the costs of the hardware required to break your key from 1 million dollars to 1 trillion dollars is not worthwhile because the process is effectively infeasible either way. Though it's true that the performance penalty of larger keys isn't too bad, you're going to break lots of older software for essentially no good reason. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020829093508.GB58871>