tech-security: Re: 1024 bit key considered insecure (sshd)

Subject: Re: 1024 bit key considered insecure (sshd)
To: Perry E. Metzger <perry@piermont.com>
From: Karsten W. Rohrbach <karsten@rohrbach.de>
List: tech-security
Date: 08/29/2002 09:12:32

--8t9RHnE3ZwKMSgU+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> I do. If someone with millions of dollars to spend on custom designed
> hardware wants to break into your computer, I assure you that
> increasing the size of your ssh keys will not stop them. Nor, for that

you missed the concept behind crypto in general, i think. it's not about
stopping someone from accessing private resources, but rather making
that approach to make access to these resources /very/ unattractive, by
increasing the amount of time (and thus $$$) an attacker has to effort
to get access.

> matter, would the slow and tedious process of cracking your ssh keys
> be nearly as efficient as the more pragmatic alternatives.

the slower, the better, as a direct consequence of my last paragraph.

> That said, those running on newer hardware can probably reasonably use
> larger keys if they wish.

increasing the server's key width imposes a higher processing cost for
the initial handshake. efficiency of the cipher used for transit
encryption is not directly affected.

regards,
/k

--=20
> Hackers know all the right MOVs.
WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.=
de/
GnuPG:   0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4  A113 B393 6BF4 DEC9 48A6
REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C  5F 0B E0 6B 4D CD 8C 44
My mail is GnuPG signed - Unsigned ones might be bogus - http://www.gnupg.o=
rg/
Please do not remove my address from To: and Cc: fields in mailing lists. 1=
0x

--8t9RHnE3ZwKMSgU+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iD8DBQE9bclgs5Nr9N7JSKYRAl8AAJ9dhYWcjTJISSlHe6CcgtN260zwjACfcqMU
7hEFoxpqdhX75nCvqd8TgJY=
=VVrX
-----END PGP SIGNATURE-----

--8t9RHnE3ZwKMSgU+--