From: Seth Kurtzberg
Organization: M. I. S. Corp
To: "Perry E. Metzger", "Karsten W. Rohrbach"
Cc: mipam@ibb.net, Matthias Buelow, Stefan Krüger, freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org
Subject: Re: 1024 bit key considered insecure (sshd)
Date: Thu, 29 Aug 2002 08:02:23 -0700

The other piece of the crypto puzzle that is frequently misunderstood (not flames! I'm not saying misunderstood by anyone participating in this discussion!) is that data is typically sensitive for a limited period of time. The fact that you could crack a password in a year becomes quite irrelevant if the protected data is no longer sensitive after a month. Intelligently archiving older data that doesn't need to remain on-line helps this situation.

On Thursday 29 August 2002 06:30, Perry E. Metzger wrote:
> "Karsten W. Rohrbach" writes:
> > Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> > > I do. If someone with millions of dollars to spend on custom designed
> > > hardware wants to break into your computer, I assure you that
> > > increasing the size of your ssh keys will not stop them. Nor, for that
> >
> > you missed the concept behind crypto in general, i think. it's not about
> > stopping someone from accessing private resources, but rather making
> > that approach to make access to these resources /very/ unattractive, by
> > increasing the amount of time (and thus $$$) an attacker has to effort
> > to get access.
>
> I would have thought spending at least hundreds of millions of
> dollars and (as importantly) at least months of time would have been
> considered "unattractive" enough to encourage other methods of getting
> at your data like breaking in to your physical location. Silly me. I
> guess I missed the concept behind crypto.

--
-----------------------------------
Seth Kurtzberg
M. I. S. Corp.
1-480-661-1849