[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC#14 - openssh keysize

To: tech_(_at_)_openbsd_(_dot_)_org
Subject: Re: RFC#14 - openssh keysize
From: "Eric Bullen" <ericb_obsd_(_at_)_thedeepsky_(_dot_)_com>
Date: Tue, 21 Oct 2003 12:37:03 -0700 (PDT)

Your lack of understanding of how keys work discredits you from suggesting
changes- a 2048 bit key is not twice as difficult to decrypt as a 1024 bit
key (referring to your "double the difficulty" comment), it is 2^1024
times as hard.

-E

> Given the fact the most people follow a method of jumping across release,
> instead of updating every six months, SSH v2 server keys can stay the same
> for more than one year. Even if it's not already known a method to decrypt
> a
> public key, I'm asking to double the difficulty to do it.
>
>
> /usr/src/etc/rc
>
> -	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N '';
> then
> +	if /usr/bin/ssh-keygen -q -b 2048 -t dsa -f /etc/ssh/ssh_host_dsa_key -N
> '';
> then

References:
- RFC#14 - openssh keysize
  - From: Ed White

Prev by Date: RFC#14 - openssh keysize
Next by Date: Re: RFC#14 - openssh keysize
Previous by thread: RFC#14 - openssh keysize
Next by thread: Re: RFC#14 - openssh keysize
Index(es):
- Date
- Thread

Visit your host, monkey.org