
Re: RFC#14 - openssh keysize

Your lack of understanding of how keys work discredits you from suggesting
changes - a 2048 bit key is not twice as difficult to decrypt as a 1024 bit
key (referring to your "double the difficulty" comment), it is 2^1024
times as hard.


> Given the fact that most people follow a method of jumping across releases,
> instead of updating every six months, SSH v2 server keys can stay the same
> for more than one year. Even if a method to decrypt a public key is not
> already known, I'm asking to double the difficulty to do it.
> /usr/src/etc/rc
> -	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N '';
> then
> +	if /usr/bin/ssh-keygen -q -b 2048 -t dsa -f /etc/ssh/ssh_host_dsa_key -N
> '';
> then
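
Review bot: the added `-b 2048` sits on the `-t dsa` line, and DSA as specified in FIPS 186-2 uses a 1024-bit modulus; later ssh-keygen releases reject any other size for DSA keys, so confirm that the ssh-keygen this rc runs accepts a 2048-bit DSA key and that clients can verify a host key of that size. The hunk also touches only ssh_host_dsa_key, so the patch should state whether any other host key generation in rc is meant to keep its default size, and the reason for choosing 2048 belongs in a comment or the commit message rather than only in the mail.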