Date: Thu, 29 Aug 2002 14:48:23 +0400 From: ark@eltex.ru To: perry@piermont.com Cc: misc@openbsd.org, mipam@ibb.net, Matthias@paranoid.eltex.ru, Buelow@paranoid.eltex.ru, <mkb@mukappabeta.de>, Stefan@paranoid.eltex.ru, =?iso-8859-1?q?Kr=FCger?=@paranoid.eltex.ru, <skrueger@europe.com>, freebsd-security@freebsd.org, tech-security@netbsd.org Subject: Re: 1024 bit key considered insecure (sshd) Message-ID: <200208291048.OAA26785@paranoid.eltex.ru> In-Reply-To: <87k7mamc2s.fsf@snark.piermont.com> from ""Perry E. Metzger" <perry@piermont.com>"
next in thread | previous in thread | raw e-mail | index | archive | help
Keep in mind that there are people who *spend* money on custom designed
hardware and there are people who just have _access_ to custom designed
hardware that costs millions of dollars.
(i.e. in mid-90s when my hat was black i used to have access to data downloaded
from damn expensive military satellite sniffer, no kidding)
"Perry E. Metzger" <perry@piermont.com> said :
>
> Mipam <mipam@ibb.net> writes:
> > On Wed, Aug 28, 2002 at 10:57:55PM +0200, Matthias Buelow wrote:
> > > >and maybe we should update our rc scripts,
> > > >so that ssh-keygen generates at least 1280 Bit keys
> > >
> > > I think this is highly overrated and only of theoretical
> > > value for most *BSD users.
> >
> > I dont think its too much overrated and theoretical.
>
> I do. If someone with millions of dollars to spend on custom designed
> hardware wants to break into your computer, I assure you that
> increasing the size of your ssh keys will not stop them. Nor, for that
> matter, would the slow and tedious process of cracking your ssh keys
> be nearly as efficient as the more pragmatic alternatives.
>
> That said, those running on newer hardware can probably reasonably use
> larger keys if they wish.
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208291048.OAA26785>