Subject: Re: OpenSSH key size
To: Charles M. Hannum <abuse@spamalicious.com>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-security
Date: 09/14/2005 22:36:27

On Wed, Sep 14, 2005 at 02:07:28PM +0000, Charles M. Hannum wrote:
> There is a talk being presented at MIT today that shows clearly that 1Kb 
> public keys can be factored fairly easily on cheap custom hardware.  It is 
> long past time for SSH keys to be at least 2Kb by default.

You are quite right.

Have I missed anything out of the attached diff?

And can you give us a summary of the talk, please? It sounds interesting.

Thanks,
Alistair

Content-Disposition: attachment; filename=ssh-2048bits

Index: ssh-keygen.1
===================================================================
RCS file: /cvsroot/src/crypto/dist/ssh/ssh-keygen.1,v
retrieving revision 1.16
diff -u -r1.16 ssh-keygen.1
--- ssh-keygen.1	23 Apr 2005 16:53:29 -0000	1.16
+++ ssh-keygen.1	14 Sep 2005 21:34:17 -0000
@@ -189,8 +189,8 @@
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
 Minimum is 512 bits.
-Generally, 1024 bits is considered sufficient.
-The default is 1024 bits.
+Generally, 2048 bits is considered sufficient.
+The default is 2048 bits.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c
Index: ssh-keygen.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ssh/ssh-keygen.c,v
retrieving revision 1.23
diff -u -r1.23 ssh-keygen.c
--- ssh-keygen.c	23 Apr 2005 16:53:29 -0000	1.23
+++ ssh-keygen.c	14 Sep 2005 21:34:18 -0000
@@ -38,7 +38,7 @@
 #include "dns.h"
 
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
-int bits = 1024;
+int bits = 2048;
 
 /*
  * Flag indicating that we just want to change the passphrase.  This can be
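
Review bot: the comment above "int bits" says the value is used for the RSA/DSA key, so this one-line change raises the default for DSA generation as well as RSA. Please confirm that is intended: FIPS 186-2 specifies DSA with a modulus of at most 1024 bits and a 160-bit subgroup, so a 2048-bit DSA default may produce keys that other implementations do not accept, and a per-key-type default may be the safer change. Nothing else in this hunk refers to the old value, so any other place that assumes 1024 would need a separate check.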
