Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 26 Mar 2002 18:57:14 +0100
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Mike Silbersack <silby@silby.com>
Cc:        Colin Percival <colin.percival@wadham.ox.ac.uk>, freebsd-security@freebsd.org
Subject:   Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-ID:  <20020326185714.F22539@mail.webmonster.de>
In-Reply-To: <20020326034234.Q10197-100000@patrocles.silby.com>; from silby@silby.com on Tue, Mar 26, 2002 at 03:47:49AM -0600
References:  <5.0.2.1.1.20020326024955.02392830@popserver.sfu.ca> <20020326034234.Q10197-100000@patrocles.silby.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--aPdhxNJGSeOG9wFI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Mike Silbersack(silby@silby.com)@2002.03.26 03:47:49 +0000:
>=20
> Versions of ssh which use RSAREF (those compiled before the patent ended,
> basically) can't handle keys over 1024 bits in length, IIRC.  Hence, you'd
> have to be very careful when bumping up the size of sshv1 keys on a system
> which may have old clients connection.

shouldn't the v1 protocol be killed anyway? ;-) i guess in the states
you still got a lot of rsa driven clients, eh? in case of field
upgradeability of the clients, i would switch to v2 (which actually is
what i did on several public systems) and the users are very happy about
the new features (like twofish, etc) that it gives them.

/k

--=20
> "Niklaus Wirth has lamented that, whereas Europeans pronounce his name
> correctly (Ni-klows Virt), Americans invariably mangle it into
> (Nick-les Worth).  Which is to say that Europeans call him by name, but
> Americans call him by value."
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n=
et/
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 B=
F46
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 1=
0x

--aPdhxNJGSeOG9wFI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8oLZ5M0BPTilkv0YRAiBmAJ42BQLdQEl7c/LKTS2xKADGuErThQCfZCMc
OmngsG5Uwgp70naam39n5tQ=
=wf/t
-----END PGP SIGNATURE-----

--aPdhxNJGSeOG9wFI--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020326185714.F22539>