From: ark@eltex.ru
Date: Thu, 29 Aug 2002 14:48:23 +0400
Message-Id: <200208291048.OAA26785@paranoid.eltex.ru>
In-Reply-To: <87k7mamc2s.fsf@snark.piermont.com> from "Perry E. Metzger"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: 1024 bit key considered insecure (sshd)
To: perry@piermont.com
Cc: misc@openbsd.org, mipam@ibb.net, Matthias@paranoid.eltex.ru, Buelow@paranoid.eltex.ru, , Stefan@paranoid.eltex.ru, =?iso-8859-1?q?Kr=FCger?=@paranoid.eltex.ru, , freebsd-security@freebsd.org, tech-security@netbsd.org

Keep in mind that there are people who *spend* money on custom designed
hardware and there are people who just have _access_ to custom designed
hardware that costs millions of dollars.

(i.e. in mid-90s when my hat was black I used to have access to data
downloaded from damn expensive military satellite sniffer, no kidding)

"Perry E. Metzger" said :
>
> Mipam writes:
> > On Wed, Aug 28, 2002 at 10:57:55PM +0200, Matthias Buelow wrote:
> > > >and maybe we should update our rc scripts,
> > > >so that ssh-keygen generates at least 1280 Bit keys
> > >
> > > I think this is highly overrated and only of theoretical
> > > value for most *BSD users.
> >
> > I don't think it's too much overrated and theoretical.
>
> I do. If someone with millions of dollars to spend on custom designed
> hardware wants to break into your computer, I assure you that
> increasing the size of your ssh keys will not stop them. Nor, for that
> matter, would the slow and tedious process of cracking your ssh keys
> be nearly as efficient as the more pragmatic alternatives.
>
> That said, those running on newer hardware can probably reasonably use
> larger keys if they wish.

CU in Hell
/Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!