Re: Newbie : openssh and RC4
From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 08/29/03
Date: Fri, 29 Aug 2003 12:13:01 GMT
Richard E. Silverman wrote:
>>>>>>"NKG" == Nico Kadel-Garcia <nkadel@verizon.net> writes:
>
>
> NKG> ??? You can compile OpenSSH without the SSL libraries, I believe,
>
> I assume you mean "OpenSSL" here, rather than "SSL" (since OpenSSH does
> not actually use the SSL protocol) -- and I know of no such option;
> OpenSSH takes all its crypto primitives from OpenSSL. It wouldn't do much
> without it.
Well, yes.
> NKG> but considering that OpenSSH itself uses 1024 bit keys, I don't
> NKG> think you come out ahead.....
>
> I don't know what you mean by "OpenSSH itself" -- presumably, some build
> of OpenSSH without OpenSSL, which I don't think exists. In any event,
> this is comparing apples and oranges, Nico. 1024 and similar bit lengths
> are used by public-key algorithms for authentication and key agreement,
> which are not generally restricted by crypto-as-munitions laws. In
> talking about RC4 and 128-bit keys, the OP is referring to restrictions on
> actual (symmetric) encryption algorithms.
I'm referring to the "-b" option of "ssh-keygen", which says:

    -b bits
        Specifies the number of bits in the key to create.
        Minimum is 512 bits. Generally 1024 bits is considered sufficient, and
        key sizes above that no longer improve security but make things slower.
        The default is 1024 bits.

The crypto regulations are *weird*, and need not make computational
sense. With the former limits of "80 bits" for using SSL keys overseas,
I was always surprised that PGP and OpenSSH using far longer key lengths
didn't get in more grief. I'm aware of several groups that used both
128-bit SSL and SSH worldwide, including France when their crypto
regulations became insane, and basically prayed a lot not to be noticed
using them.