Re: 1024 bit key considered insecure (sshd)

From: Colin Percival (Colin_Percival@sfu.ca)
Date: 08/28/02


Date: Wed, 28 Aug 2002 13:42:48 -0700
From: Colin Percival <Colin_Percival@sfu.ca>
To: veedee@c7.campus.utcluj.ro

At 23:26 28/08/2002 +0300, veedee@c7.campus.utcluj.ro wrote:
>Just out of curiosity, can anyone with access to a gigabit network run some
>tests and tell us the difference between using several different keys? Like
>1024, 1280, 2048, 4096.
>I'm curious if a bigger key really slows down the operation as Bruce Schneier
>implies ("Doubling the key size roughly corresponds to a six-times speed
>slowdown in software").

   It does slow things down to that extent (assuming O(n^1.585)
multiplication, which is typical), for the asymmetric encryption
operations. Once the connection is set up, symmetric encryption is used.
   Moving from 1024 bits up to 4096 bits would, on a typical machine, cause
the connection setup to take half a second instead of a hundredth of a
second, but beyond that there would be no difference.
   When I brought this up earlier
(http://groups.google.com/groups?threadm=5.0.2.1.1.20020326024955.02392830%40popserver.sfu.ca)
there was a concern about breaking v1 clients using the RSAREF library.

Colin Percival
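
The following is an added example, not part of the original message or of any code by its author. It counts word-level multiplications in a Karatsuba multiply (the O(n^1.585) case mentioned above) to show where the six-times figure per doubling comes from. The 32-bit limb size, the 1.5 modular multiplications per exponent bit, and all function names are assumptions made for the illustration.

```python
# Added illustration: counts limb products in Karatsuba-based exponentiation.
# LIMB_BITS and the 1.5 multiplies-per-exponent-bit figure are assumptions.
import random

LIMB_BITS = 32  # assumed machine word size


def karatsuba(x, y, bits, counter):
    """Multiply non-negative ints of about `bits` bits, counting limb products."""
    if bits <= LIMB_BITS:
        counter[0] += 1  # one hardware multiply at the base case
        return x * y
    half = bits // 2
    mask = (1 << half) - 1
    x_lo, x_hi = x & mask, x >> half
    y_lo, y_hi = y & mask, y >> half
    lo = karatsuba(x_lo, y_lo, half, counter)
    hi = karatsuba(x_hi, y_hi, half, counter)
    # One extra product replaces the two cross terms: 3 sub-products, not 4.
    # The sums may carry one bit over `half`; Python ints absorb that.
    mid = karatsuba(x_lo + x_hi, y_lo + y_hi, half, counter) - lo - hi
    return (hi << (2 * half)) + (mid << half) + lo


def limb_products_per_multiply(bits, rng):
    """Run one real multiplication of random operands and return its cost."""
    counter = [0]
    a, b = rng.getrandbits(bits), rng.getrandbits(bits)
    assert karatsuba(a, b, bits, counter) == a * b  # check correctness
    return counter[0]


def modexp_cost(bits, rng):
    """Limb products for one private-key operation with a `bits`-bit exponent.
    Square-and-multiply needs about 1.5 * bits modular multiplications;
    reduction is taken as proportional to a multiply, so it cancels in ratios."""
    return int(1.5 * bits) * limb_products_per_multiply(bits, rng)


def slowdown(small_bits, large_bits, rng=None):
    """Cost ratio of the asymmetric operation between two key sizes."""
    rng = rng or random.Random(0)
    return modexp_cost(large_bits, rng) / modexp_cost(small_bits, rng)


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        print(bits, "bits:", modexp_cost(bits, random.Random(0)), "limb products")
    print("1024 -> 2048 slowdown:", slowdown(1024, 2048))
    print("1024 -> 4096 slowdown:", slowdown(1024, 4096))
```

Each doubling triples the cost of one multiplication and doubles the number of multiplications, giving the factor of six; two doublings give 36, which is the same order as the hundredth of a second to half a second estimate in the message.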
