Date: Thu, 29 Aug 2002 02:35:08 -0700
From: David Schultz
To: "Karsten W. Rohrbach"
Cc: "Perry E. Metzger", mipam@ibb.net, Matthias Buelow, "Stefan Krüger", freebsd-security@FreeBSD.ORG, tech-security@netbsd.org, misc@openbsd.org
Subject: Re: 1024 bit key considered insecure (sshd)
Message-ID: <20020829093508.GB58871@HAL9000.homeunix.com>
In-Reply-To: <20020829091232.A53344@mail.webmonster.de>

Thus spake Karsten W. Rohrbach:
> Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> > I do. If someone with millions of dollars to spend on custom designed
> > hardware wants to break into your computer, I assure you that
> > increasing the size of your ssh keys will not stop them. Nor, for that
>
> you missed the concept behind crypto in general, i think. it's not about
> stopping someone from accessing private resources, but rather making
> that approach to make access to these resources /very/ unattractive, by
> increasing the amount of time (and thus $$$) an attacker has to effort
> to get access.

I believe his point is that increasing the costs of the hardware
required to break your key from 1 million dollars to 1 trillion
dollars is not worthwhile because the process is effectively
infeasible either way. Though it's true that the performance
penalty of larger keys isn't too bad, you're going to break lots
of older software for essentially no good reason.