
Re: 1024 bit key considered insecure (sshd)



On Wed, Aug 28, 2002 at 09:07:47PM +0100, Stefan Krüger wrote:

> http://www.counterpane.com/crypto-gram-0204.html#3 and
> http://online.securityfocus.com/archive/1/263924

This is old news, and was discussed shortly after the publication
of Dan's original paper. Search the archives....

> and maybe we should update our rc scripts, so that ssh-keygen
> generates at least 1280 Bit keys

This would kill older machines. Seriously--install OpenBSD and
wait a week for the initial boot to finish (if it ever
does). Relive the days of 150 baud modems as you connect to them
with SSH.

Of course, if using larger keys will let you sleep better at
night, then, by all means, generate larger keys for your systems.

There's also a cost-benefit analysis to go along with any of
this. Any entity that can blow $1,000,000,000.00 on a computer to
brute-force my SSH sessions can also afford to spend a few
thousand for a couple thugs to beat the information out of me. If
I have to worry about the spooks, I've got problems a lot worse
than computer security.

But, as I said, you need to make your own decisions.

Cheers,

b&

--
Ben Goren
 mailto:ben_(_at_)_trumpetpower_(_dot_)_com
 http://www.trumpetpower.com/
 icbm:33o25'37"N_111o57'32"W
