Date: Tue, 26 Mar 2002 02:49:00 -0800 (PST)
From: Jason Stone <jason@shalott.net>
To: <freebsd-security@freebsd.org>
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-ID: <20020326021747.C11536-100000@walter>
In-Reply-To: <20020326034234.Q10197-100000@patrocles.silby.com>

> However, I think it _would_ be safe to bump up the sshv1 session key
> from 768 to the largest possible key < 1024 bits in the default
> options. (I would say 1024 bits, but I believe that there's also some
> stipulation that host key length != session key length.)

This is correct - a 1024-bit hostkey causes session keys to be 1152 bits, which will break rsaref-based clients. An 896-bit hostkey yields the desired 1024-bit session keys.

Of course rsaref is old, buggy, copyright-encumbered, and ought not be used anymore under any circumstances.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?"
-- Mike Godwin