Re: 1024 bit key considered insecure (sshd)

From: Karsten W. Rohrbach (karsten@rohrbach.de)
Date: 08/29/02


Date: Thu, 29 Aug 2002 09:12:32 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: "Perry E. Metzger" <perry@piermont.com>


Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> I do. If someone with millions of dollars to spend on custom designed
> hardware wants to break into your computer, I assure you that
> increasing the size of your ssh keys will not stop them. Nor, for that

you missed the concept behind crypto in general, i think. it's not about
stopping someone from accessing private resources, but rather making
that approach to gaining access to these resources /very/ unattractive, by
increasing the amount of time (and thus $$$) an attacker has to expend
to get access.

> matter, would the slow and tedious process of cracking your ssh keys
> be nearly as efficient as the more pragmatic alternatives.

the slower, the better, as a direct consequence of my last paragraph.

> That said, those running on newer hardware can probably reasonably use
> larger keys if they wish.

increasing the server's key width imposes a higher processing cost for
the initial handshake. efficiency of the cipher used for transit
encryption is not directly affected.

regards,
/k

-- 
> Hackers know all the right MOVs.
WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C  5F 0B E0 6B 4D CD 8C 44
My mail is GnuPG signed - Unsigned ones might be bogus - http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
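
Added example, not part of the original message: a small Python timing harness for the point that a wider server key raises the cost of the handshake's private-key operation. The moduli and exponents are constructed random stand-ins (assumptions, not real RSA keys), and the function names are hypothetical.

```python
import secrets
import time

def constructed_modulus(bits):
    """Random odd integer with the top bit set; a stand-in for an RSA modulus."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1

def private_op_seconds(bits, rounds=10):
    """Best-of-N time for one modular exponentiation with a full-width exponent.

    This approximates the server-side private-key operation in the handshake.
    Real implementations use CRT and are faster by a constant factor, but the
    cost still climbs steeply with the key width.
    """
    n = constructed_modulus(bits)
    d = secrets.randbits(bits) | (1 << (bits - 1))  # constructed exponent
    m = secrets.randbelow(n)                        # constructed message
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter()
        pow(m, d, n)
        samples.append(time.perf_counter() - t0)
    return min(samples)  # the minimum is least affected by scheduler noise

def handshake_cost_table(sizes=(1024, 2048, 4096)):
    """Return (bits, seconds, ratio to the first size) for each key width."""
    rows = []
    base = None
    for bits in sizes:
        t = private_op_seconds(bits)
        if base is None:
            base = t
        rows.append((bits, t, t / base))
    return rows

if __name__ == "__main__":
    # The session cipher's per-byte cost does not depend on these widths;
    # only the one-off handshake operation measured here does.
    for bits, secs, ratio in handshake_cost_table():
        print(f"{bits:5d}-bit: {secs * 1e3:8.3f} ms per op ({ratio:5.1f}x)")
```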
