Date:      Mon, 25 Jun 2012 02:31:04 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <20120625023104.2a0c7627@gumby.homeunix.com>
In-Reply-To: <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com>
References:  <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com>


On Sun, 24 Jun 2012 17:23:47 -0400
Robert Simmons wrote:

> On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav <des@des.no>
> wrote:
> > Robert Simmons <rsimmons0@gmail.com> writes:
> >> In light of advances in processors and GPUs, what is the potential
> >> for duplication of RSA, DSA, and ECDSA keys at the current default
> >> key lengths (2048, 1024, and 256 respectively)?
> >
> > You do know that these keys are used only for authentication, and
> > not for encryption, right?
> 
> Yes, the encryption key length is determined by which symmetric cipher
> is negotiated between the client and server based on what is available
> from the Ciphers line in sshd_config and ssh_config.

I'm not very familiar with ssh, but surely they're also used for
session-key exchange, which makes them crucial to encryption. They
should be as secure as the strongest symmetric cipher they need to work
with.

