From owner-freebsd-security@FreeBSD.ORG Mon Jun 25 01:31:09 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B8C561065678 for ; Mon, 25 Jun 2012 01:31:09 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-we0-f182.google.com (mail-we0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 44F118FC0A for ; Mon, 25 Jun 2012 01:31:09 +0000 (UTC) Received: by werg1 with SMTP id g1so3225795wer.13 for ; Sun, 24 Jun 2012 18:31:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=CzTfRvcKfKWx9ERkZH/dTMNeysYP2UHHMjLIp7SQ8I4=; b=H/VE8jYydsAL21rRBt2cHKSF6zWJLTZTL8myIQbr45xCAGkHIGBBtIQxPzDvTFvsu5 6P3J4Gg8X2Lzu8nt1XlpShqsDsVwyJIAwOgQTwJmXBfWEgrDM+OGjVJCTXxaWLZRv0xR EOasx2MrptvXiDcaqXdgy69mYBNlpmzg7+r7vwWRpgUCQ5SyltNjqogGwL87rONjT5Ah AohVVBIEIwuT5Fc0km5JL1Pu7TQ2sxHLXZi1sCqCjNBbdOL2jPAPutiNNy9jL90QNJk1 2qr0/B87rctQw+UnK1QaBGYywkdv7R72Se38bA8JYhREWOmeUxh+0fFTvEIFSPXeEXWM PFGA== Received: by 10.180.102.9 with SMTP id fk9mr24186362wib.1.1340587868140; Sun, 24 Jun 2012 18:31:08 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id bg10sm3267365wib.9.2012.06.24.18.31.06 (version=SSLv3 cipher=OTHER); Sun, 24 Jun 2012 18:31:07 -0700 (PDT) Date: Mon, 25 Jun 2012 02:31:04 +0100 From: RW To: freebsd-security@freebsd.org Message-ID: <20120625023104.2a0c7627@gumby.homeunix.com> In-Reply-To: References: <86zk7sxvc3.fsf@ds4.des.no> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables... X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2012 01:31:09 -0000 On Sun, 24 Jun 2012 17:23:47 -0400 Robert Simmons wrote: > On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Sm=F8rgrav > wrote: > > Robert Simmons writes: > >> In light of advanced in processors and GPUs, what is the potential > >> for duplication of RSA, DSA, and ECDSA keys at the current default > >> key lengths (2048, 1024, and 256 respectively)? > > > > You do know that these keys are used only for authentication, and > > not for encryption, right? >=20 > Yes, the encryption key length is determined by which symmetric cipher > is negotiated between the client and server based on what is available > from the Ciphers line in sshd_config and ssh_config. I'm not very familiar with ssh, but surely they're also used for session-key exchange, which makes them crucial to encryption. They should be as secure as the strongest symmetric cipher they need to work with.