From owner-freebsd-security Tue Mar 26 2:49:11 2002
Delivered-To: freebsd-security@freebsd.org
Date: Tue, 26 Mar 2002 02:49:00 -0800 (PST)
From: Jason Stone
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
In-Reply-To: <20020326034234.Q10197-100000@patrocles.silby.com>
Message-ID: <20020326021747.C11536-100000@walter>
Sender: owner-freebsd-security@FreeBSD.ORG

> However, I think it _would_ be safe to bump up the sshv1 session key
> from 768 to the largest possible key < 1024 bits in the default
> options. (I would say 1024 bits, but I believe that there's also some
> stipulation that host key length != session key length.)

This is correct - a 1024-bit hostkey causes session keys to be 1152 bits,
which will break rsaref-based clients. An 896-bit hostkey yields the
desired 1024-bit session keys.

Of course rsaref is old, buggy, copyright-encumbered, and ought not be
used anymore under any circumstances.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin