Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 24 Jun 2012 15:34:15 -0400
From:      Robert Simmons <rsimmons0@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <CA%2BQLa9B8P7-xKT882cMLrtrw%2B%2BgsUxxVy=FTSSss1d_Cpod%2BLg@mail.gmail.com>
In-Reply-To: <op.wge77quh34t2sn@skeletor.feld.me>
References:  <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <op.wge77quh34t2sn@skeletor.feld.me>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder <feld@feld.me> wrote:
> On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons <rsimmons0@gmail.com>
> wrote:
>
>> In light of advanced in processors and GPUs, what is the potential for
>> duplication of RSA, DSA, and ECDSA keys at the current default key
>> lengths (2048, 1024, and 256 respectively)?
>>
>
> I've been able to duplicate keys for years simply using cp(1)
>
> Define "duplicate". Are you asking about some sort of collision? Are you
> asking about brute forcing an encrypted stream and deducing what the private
> key is?

And as a flip side to the argument, is there a reason not to raise the
default to 4096?  Certainly the same advances in processors makes this
size key quite usable.  I've seen no noticeable slowness with 4096 bit
RSA or 521 bit ECDSA.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9B8P7-xKT882cMLrtrw%2B%2BgsUxxVy=FTSSss1d_Cpod%2BLg>