Date:      Sun, 24 Jun 2012 15:44:47 -0400
From:      "J. Hellenthal" <jhellenthal@dataix.net>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <20120624194447.GA22363@DataIX.net>
In-Reply-To: <CA%2BQLa9B8P7-xKT882cMLrtrw%2B%2BgsUxxVy=FTSSss1d_Cpod%2BLg@mail.gmail.com>
References:  <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <op.wge77quh34t2sn@skeletor.feld.me> <CA%2BQLa9B8P7-xKT882cMLrtrw%2B%2BgsUxxVy=FTSSss1d_Cpod%2BLg@mail.gmail.com>



On Sun, Jun 24, 2012 at 03:34:15PM -0400, Robert Simmons wrote:
> On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder <feld@feld.me> wrote:
> > On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons <rsimmons0@gmail.com>
> > wrote:
> >
> >> In light of advances in processors and GPUs, what is the potential for
> >> duplication of RSA, DSA, and ECDSA keys at the current default key
> >> lengths (2048, 1024, and 256 respectively)?
> >>
> >
> > I've been able to duplicate keys for years simply using cp(1)
> >
> > Define "duplicate". Are you asking about some sort of collision? Are you
> > asking about brute forcing an encrypted stream and deducing what the private
> > key is?
> 
> And as a flip side to the argument, is there a reason not to raise the
> default to 4096?  Certainly the same advances in processors make this
> size key quite usable.  I've seen no noticeable slowness with 4096 bit
> RSA or 521 bit ECDSA.

But what happens when the default is raised to 4096 for RSA and a server
has 100, 200, 300 users? Does that processor time really get affected
then? To me this is just the cost of security, but only if it is needed.

More so, what is the probability of communications being broken if the host
key is 2048-bit RSA and the user key is 4096-bit RSA?

-- 

 - (2^(N-1))


