Re: 1024 bit key considered insecure (sshd)

From: David Schultz (dschultz@uclink.Berkeley.EDU)
Date: 08/29/02


Date: Thu, 29 Aug 2002 02:35:08 -0700
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>

Thus spake Karsten W. Rohrbach <karsten@rohrbach.de>:
> Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> > I do. If someone with millions of dollars to spend on custom designed
> > hardware wants to break into your computer, I assure you that
> > increasing the size of your ssh keys will not stop them. Nor, for that
>
> you missed the concept behind crypto in general, i think. it's not about
> stopping someone from accessing private resources, but rather making
> that approach to make access to these resources /very/ unattractive, by
> increasing the amount of time (and thus $$$) an attacker has to effort
> to get access.

I believe his point is that increasing the costs of the hardware
required to break your key from 1 million dollars to 1 trillion
dollars is not worthwhile because the process is effectively
infeasible either way. Though it's true that the performance
penalty of larger keys isn't too bad, you're going to break lots
of older software for essentially no good reason.



