From: Robert Simmons
To: freebsd-security@freebsd.org
Date: Sun, 24 Jun 2012 17:23:47 -0400
Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
In-Reply-To: <86zk7sxvc3.fsf@ds4.des.no>

On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav wrote:
> Robert Simmons writes:
>> In light of advances in processors and GPUs, what is the potential for
>> duplication of RSA, DSA, and ECDSA keys at the current default key
>> lengths (2048, 1024, and 256 respectively)?
>
> You do know that these keys are used only for authentication, and not
> for encryption, right?

Yes, the encryption key length is determined by which symmetric cipher
is negotiated between the client and server based on what is available
from the Ciphers line in sshd_config and ssh_config.
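
The negotiation this reply refers to, as an added example that is not part of the original message: per RFC 4253 section 7.1 the session cipher is the first name on the client's list that the server also offers, so the session key size follows from the two Ciphers lines and not from the host key length. The config snippets and function names are constructed for illustration, and only plain comma-separated Ciphers lists outside Host/Match blocks are handled.

```python
import re

# Key sizes in bits for some cipher names defined in RFC 4253 and RFC 4344.
KEY_BITS = {
    "aes128-ctr": 128, "aes192-ctr": 192, "aes256-ctr": 256,
    "aes128-cbc": 128, "aes192-cbc": 192, "aes256-cbc": 256,
    "arcfour128": 128, "arcfour256": 256,
}

def ciphers_from_config(text):
    """Return the first Ciphers list in the config text, or None if unset."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            return [c.strip() for c in parts[1].split(",") if c.strip()]
    return None

def negotiate(client_list, server_list):
    """RFC 4253 7.1: first name on the client's list that the server offers."""
    for name in client_list:
        if name in server_list:
            return name
    return None

def session_cipher(ssh_config, sshd_config):
    """Return (cipher, key_bits), or (None, None) when negotiation would fail."""
    client = ciphers_from_config(ssh_config)
    server = ciphers_from_config(sshd_config)
    if client is None or server is None:
        raise ValueError("no Ciphers line: version-dependent defaults apply")
    chosen = negotiate(client, server)
    return (chosen, KEY_BITS.get(chosen)) if chosen else (None, None)

# Constructed sample configs (not from the original message).
SSH_CONFIG = "# client\nCiphers aes256-ctr,aes128-ctr\n"
SSHD_CONFIG = ("HostKey /etc/ssh/ssh_host_rsa_key\n"
               "Ciphers=aes128-ctr,aes256-ctr,arcfour256\n")

if __name__ == "__main__":
    # The HostKey line plays no part in the result; only the Ciphers lists do.
    print(session_cipher(SSH_CONFIG, SSHD_CONFIG))
    print(session_cipher("Ciphers arcfour128\n", SSHD_CONFIG))
```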