Subject: RE: 1024 bit key considered insecure (sshd)
To: 'Karsten W. Rohrbach' <karsten@rohrbach.de>
From: George F. Costanzo <afx@pkl.net>
List: tech-security
Date: 08/29/2002 18:57:18
Inline.

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]
> On Behalf Of Karsten W. Rohrbach
> Sent: Thursday, 29 August 2002 5:13 PM
> To: Perry E. Metzger
> Cc: mipam@ibb.net; Matthias Buelow; Stefan Krüger;
> freebsd-security@FreeBSD.ORG; tech-security@netbsd.org; misc@openbsd.org
> Subject: Re: 1024 bit key considered insecure (sshd)
>
> Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000:
> > I do. If someone with millions of dollars to spend on custom designed
> > hardware wants to break into your computer, I assure you that
> > increasing the size of your ssh keys will not stop them. Nor, for that
>
> you missed the concept behind crypto in general, i think. it's not about
> stopping someone from accessing private resources, but rather making
> that approach to make access to these resources /very/ unattractive, by
> increasing the amount of time (and thus $$$) an attacker has to effort
> to get access.

Yes, to increase the time/cost in breaking the key to outweigh the cost
of the information that will be gained.

If the information you're trying to protect is worth that much to you,
you'll take the extra steps needed to increase key length. Otherwise,
the default will be fine for most users.

> > matter, would the slow and tedious process of cracking your ssh keys
> > be nearly as efficient as the more pragmatic alternatives.
>
> the slower, the better, as a direct consequence of my last paragraph.

Schneier is blowing this out of proportion a little, quoting Lucky's
decision throughout. Lucky is overly paranoid and Schneier knows it. He
also uses the article to bring up (read: plug) his pretty accurate key
length estimates. Schneier's motives have been slightly dubious for
a while.

> increasing the server's key width imposes a higher processing cost for
> the initial handshake. efficiency of the cipher used for transit
> encryption is not directly affected.

Yeap.

> regards,
> /k

--
George F. Costanzo <afx@pkl.net>
PGP Fingerprint: 1E4F 09F2 D637 B917 8D61  0413 4FBC 7DB0 1407 2B6D