Date:      Mon, 25 Jun 2012 02:31:04 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...
Message-ID:  <20120625023104.2a0c7627@gumby.homeunix.com>
In-Reply-To: <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com>
References:  <CA%2BQLa9A4gdgPEn3YBpExTG05e4mqbgxr2kJ16BQ27OSozVmmwQ@mail.gmail.com> <86zk7sxvc3.fsf@ds4.des.no> <CA%2BQLa9Dyu96AxmCNLcU8n5R21aTH6dStDT004iA516EH=jTkvQ@mail.gmail.com>

On Sun, 24 Jun 2012 17:23:47 -0400
Robert Simmons wrote:

> On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav <des@des.no>
> wrote:
> > Robert Simmons <rsimmons0@gmail.com> writes:
> >> In light of advances in processors and GPUs, what is the potential
> >> for duplication of RSA, DSA, and ECDSA keys at the current default
> >> key lengths (2048, 1024, and 256 respectively)?
> >
> > You do know that these keys are used only for authentication, and
> > not for encryption, right?
>
> Yes, the encryption key length is determined by which symmetric cipher
> is negotiated between the client and server based on what is available
> from the Ciphers line in sshd_config and ssh_config.

I'm not very familiar with ssh, but surely they're also used for
session-key exchange, which makes them crucial to encryption. They
should be as secure as the strongest symmetric cipher they need to work
with.


