From owner-freebsd-security  Tue Mar 26 10:28: 3 2002
Delivered-To: freebsd-security@freebsd.org
Received: from patrocles.silby.com (d32.as7.nwbl0.wi.voyager.net [169.207.128.160])
	by hub.freebsd.org (Postfix) with ESMTP id CA96A37B41E
	for <freebsd-security@freebsd.org>; Tue, 26 Mar 2002 10:27:54 -0800 (PST)
Received: from patrocles.silby.com (localhost [127.0.0.1])
	by patrocles.silby.com (8.12.2/8.12.2) with ESMTP id g2R0QHUH015744;
	Tue, 26 Mar 2002 18:26:17 -0600 (CST)
	(envelope-from silby@silby.com)
Received: from localhost (silby@localhost)
	by patrocles.silby.com (8.12.2/8.12.2/Submit) with ESMTP id g2R0QErk015741;
	Tue, 26 Mar 2002 18:26:16 -0600 (CST)
X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs
Date: Tue, 26 Mar 2002 18:26:14 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: Colin Percival <colin.percival@wadham.ox.ac.uk>,
	<freebsd-security@freebsd.org>
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
In-Reply-To: <20020326185714.F22539@mail.webmonster.de>
Message-ID: <20020326182003.F15545-100000@patrocles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Tue, 26 Mar 2002, Karsten W. Rohrbach wrote:

> Mike Silbersack(silby@silby.com)@2002.03.26 03:47:49 +0000:
> >
> > Versions of ssh which use RSAREF (those compiled before the patent ended,
> > basically) can't handle keys over 1024 bits in length, IIRC.  Hence, you'd
> > have to be very careful when bumping up the size of sshv1 keys on a system
> > which may have old clients connection.
>
> shouldn't the v1 protocol be killed anyway? ;-) i guess in the states
> you still got a lot of rsa driven clients, eh? in case of field
> upgradeability of the clients, i would switch to v2 (which actually is
> what i did on several public systems) and the users are very happy about
> the new features (like twofish, etc) that it gives them.
>
> /k

Yes, upgrading clients to v2 would be best.  However, I don't think that
locking out v1 users would be the best way to achieve that.  The most
likely result of doing so would be people falling back to telnet.

I'm not too concerned about the v1 keylength, as it is obsolete.  I'll
look into what it would take to change the default one of these days when
I have time.

What does slightly concern me is the RSA usage in sshv2 which has appeared
recently.  Increasing the keylength for those uses seems like a good idea
in the long run.  However, I haven't even looked at the keylengths used in
that case yet; they may already be more than long enough.

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message