[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC#14 - openssh keysize
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: RFC#14 - openssh keysize
- From: "Eric Bullen" <ericb_obsd_(_at_)_thedeepsky_(_dot_)_com>
- Date: Tue, 21 Oct 2003 12:37:03 -0700 (PDT)
Your lack of understanding of how keys work discredits you from suggesting
changes- a 2048 bit key is not twice as difficult to decrypt as a 1024 bit
key (referring to your "double the difficulty" comment), it is 2^1024
times as hard.
> Given the fact the most people follow a method of jumping across release,
> instead of updating every six months, SSH v2 server keys can stay the same
> for more than one year. Even if it's not already known a method to decrypt
> public key, I'm asking to double the difficulty to do it.
> - if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N '';
> + if /usr/bin/ssh-keygen -q -b 2048 -t dsa -f /etc/ssh/ssh_host_dsa_key -N