Re: 1024 bit key considered insecure (sshd)

From: Mike Hoskins (mike@adept.org)
Date: 09/03/02

• Next message: Marc G. Fournier: "Anti virus software for FreeBSD ..."
• Previous message: Mike Silbersack: "Re: From: Ivan Streetovich, Japan"
• In reply to: Perry E. Metzger: "Re: 1024 bit key considered insecure (sshd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 3 Sep 2002 14:50:23 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: "Perry E. Metzger" <perry@piermont.com>

On 30 Aug 2002, Perry E. Metzger wrote:
> Michael W Mitton <mmitton@hmcon.com> writes:
> > My data may not be worth a billion dollars, but I can be fairly certain
> > that I am part of a group ( a rather _large_ group ) whose combined
> > information is worth that.

If you're not paranoid enough to have already upgraded to larger keys (and
dealt with the specific challenges that may present for your
organization), then you likely do not need larger keys.

As for the organiztions that can afford to spend billions of dollars to
crack our keys (although they'd likely spend much less, since they'd
fabricate their own systems), the present paranoia warrenting disdain over
1024 bit keys must also point to the possibility that they've been able to
crack our keys long before now.

Weigh the value of your organization's core assets, and take appropriate
action. Nothing has really changed simply because an email was sent to
Bugtraq. The same risks present today were in some way present last year,
or as far back as your paranoia dictates.

I'm not sure who cross-posted to so many lists. My apologies if this
isn't appropriate to any included targets. I intend this message for
freebsd-security, but do not like to delete/alter To/CC lists in threads I
did not start.

Later,
-Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Marc G. Fournier: "Anti virus software for FreeBSD ..."
• Previous message: Mike Silbersack: "Re: From: Ivan Streetovich, Japan"
• In reply to: Perry E. Metzger: "Re: 1024 bit key considered insecure (sshd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: I Was Just Wondering.. ... How much is it worth? ... Are you a cop? ... Where do you keep the keys? ... Do you own a dog, is so what type of dog? ... (soc.culture.irish) Re: "Illegal to duplicate" on keys ... If you're going to lend a set of keys to someone, is it worth getting ... the locksmith who creates a duplicate set to stamp on the metal ... I've seen a few sets of keys made that way. ... (uk.legal) Re: Seeking advice on pre- 1964 Key Dates Half Quarter Dime ... My intent was to attempt to list THE keys for a series, ... > also to mention that there are a number of coins within those series ... > that, while not worth the big bucks everyone is looking for, are worth ... (rec.collecting.coins) Re: Wanted: Cherry G83-6105L Keyboards ... I suspect it has 'Windows' keys, for what they're worth. ... (uk.adverts.computer) Re: MACs + Encryption + same Key ... That's cryptography. ... I find that a touch of paranoia is often ... >>statistically independent keys. ... (sci.crypt)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint