[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 1024 bit key considered insecure (sshd)
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: 1024 bit key considered insecure (sshd)
- From: Ben Goren <ben_(_at_)_trumpetpower_(_dot_)_com>
- Date: Wed, 28 Aug 2002 13:56:16 -0700
On Wed, Aug 28, 2002 at 09:07:47PM +0100, Stefan Krüger wrote:
> http://www.counterpane.com/crypto-gram-0204.html#3 and
This is old news, and was discussed shortly after the publication
of Dan's original paper. Search the archives....
> and maybe we should update our rc scripts, so that ssh-keygen
> generates at least 1280 Bit keys
This would kill older machines. Seriously--install OpenBSD and
wait a week for the inital boot to finish (if it ever
does). Relive the days of 150 baud modems as you connect to them
Of course, if using larger keys will let you sleep better at
night, then, by all means, generate larger keys for your systems.
There's also a cost-benefit analysis to go along with any of
this. Any entity that can blow $1,000,000,000.00 on a computer to
brute-force my SSH sessions can also afford to spend a few
thousand for a couple thugs to beat the information out of me. If
I have to worry about the spooks, I've got problems a lot worse
than computer security.
But, as I said, you need to make your own decisions.
[demime 0.98d removed an attachment of type application/pgp-signature]