Re: 1024 bit key considered insecure (sshd)

From: Perry E. Metzger (perry@piermont.com)
Date: 08/29/02

• Next message: Karsten W. Rohrbach: "Re: 1024 bit key considered insecure (sshd)"
• Previous message: Mark Murray: "Re: Administrivia: Discussion - Making this list subscriber-only"
• Maybe in reply to: =?iso-8859-1?B?U3RlZmFuIEty/Gdlcg== ?=: "1024 bit key considered insecure (sshd)"
• Next in thread: Karsten W. Rohrbach: "Re: 1024 bit key considered insecure (sshd)"
• Reply: Karsten W. Rohrbach: "Re: 1024 bit key considered insecure (sshd)"
• Reply: ark@eltex.ru: "Re: 1024 bit key considered insecure (sshd)"
• Reply: Alexandr Kovalenko: "Re: 1024 bit key considered insecure (sshd)"
• Reply: Chuck Yerkes: "Re: 1024 bit key considered insecure (sshd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: mipam@ibb.net
From: "Perry E. Metzger" <perry@piermont.com>
Date: 29 Aug 2002 02:08:27 -0400

Mipam <mipam@ibb.net> writes:
> On Wed, Aug 28, 2002 at 10:57:55PM +0200, Matthias Buelow wrote:
> > >and maybe we should update our rc scripts,
> > >so that ssh-keygen generates at least 1280 Bit keys
> >
> > I think this is highly overrated and only of theoretical
> > value for most *BSD users.
>
> I dont think its too much overrated and theoretical.

I do. If someone with millions of dollars to spend on custom designed
hardware wants to break into your computer, I assure you that
increasing the size of your ssh keys will not stop them. Nor, for that
matter, would the slow and tedious process of cracking your ssh keys
be nearly as efficient as the more pragmatic alternatives.

That said, those running on newer hardware can probably reasonably use
larger keys if they wish.

-- 
Perry E. Metzger		perry@piermont.com
--
"Ask not what your country can force other people to do for you..."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Karsten W. Rohrbach: "Re: 1024 bit key considered insecure (sshd)"
• Previous message: Mark Murray: "Re: Administrivia: Discussion - Making this list subscriber-only"
• Maybe in reply to: =?iso-8859-1?B?U3RlZmFuIEty/Gdlcg== ?=: "1024 bit key considered insecure (sshd)"
• Next in thread: Karsten W. Rohrbach: "Re: 1024 bit key considered insecure (sshd)"
• Reply: Karsten W. Rohrbach: "Re: 1024 bit key considered insecure (sshd)"
• Reply: ark@eltex.ru: "Re: 1024 bit key considered insecure (sshd)"
• Reply: Alexandr Kovalenko: "Re: 1024 bit key considered insecure (sshd)"
• Reply: Chuck Yerkes: "Re: 1024 bit key considered insecure (sshd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [OT] Trusted Computing and GnuPG ... would we be able to store them in this TC chip? ... Why would you want to store your SSH keys on the chip, ... well as against the open source ideals. ... Then you need to consider hardware failures, ... (Debian-User) Re: 1024 bit key considered insecure (sshd) ... > increasing the size of your ssh keys will not stop them. ... the slower, the better, as a direct consequence of my last paragraph. ... those running on newer hardware can probably reasonably use ... (FreeBSD-Security) Re: 1024 bit key considered insecure (sshd) ... Keep in mind that there are people who *spend* money on custom designed ... hardware that costs millions of dollars. ... > increasing the size of your ssh keys will not stop them. ... (FreeBSD-Security) Re: Cron to Launchd migration not working <= Solved ... it should pick up your account's SSH keys. ... I added the UserName key to the .plist file. ... those scripts while the servers are busy. ... the 'UserName' key addition to the .plist file worked. ... (comp.sys.mac.system)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-08