From owner-freebsd-security Thu Aug 29 6:30:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0AAB837B400 for ; Thu, 29 Aug 2002 06:30:24 -0700 (PDT) Received: from snark.piermont.com (snark.piermont.com [166.84.151.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2A16743E4A for ; Thu, 29 Aug 2002 06:30:23 -0700 (PDT) (envelope-from perry@piermont.com) Received: by snark.piermont.com (Postfix, from userid 1000) id 792F4D97CB; Thu, 29 Aug 2002 09:30:17 -0400 (EDT) To: "Karsten W. Rohrbach" Cc: mipam@ibb.net, Matthias Buelow , Stefan =?iso-8859-1?q?Kr=FCger?= , freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org Subject: Re: 1024 bit key considered insecure (sshd) References: <20020828200748.90964.qmail@mail.com> <3D6D3953.6090005@mukappabeta.de> <20020828224330.GE249@localhost> <87k7mamc2s.fsf@snark.piermont.com> <20020829091232.A53344@mail.webmonster.de> From: "Perry E. Metzger" Date: 29 Aug 2002 09:30:17 -0400 In-Reply-To: <20020829091232.A53344@mail.webmonster.de> Message-ID: <87bs7ln66u.fsf@snark.piermont.com> Lines: 23 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Karsten W. Rohrbach" writes: > Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000: > > I do. If someone with millions of dollars to spend on custom designed > > hardware wants to break into your computer, I assure you that > > increasing the size of your ssh keys will not stop them. Nor, for that > > you missed the concept behind crypto in general, i think. it's not about > stopping someone from accessing private resources, but rather making > that approach to make access to these resources /very/ unattractive, by > increasing the amount of time (and thus $$$) an attacker has to effort > to get access. I would have thought spending at least hundreds of millions off dollars and (as importantly) at least months of time would have been considered "unattractive" enough to encourage other methods of getting at your data like breaking in to your physical location. Silly me. I guess I missed the concept behind crypto. -- Perry E. Metzger perry@piermont.com -- "Ask not what your country can force other people to do for you..." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message