From owner-freebsd-security Thu Aug 29 6:51: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 18F8037B400 for ; Thu, 29 Aug 2002 06:51:00 -0700 (PDT) Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by mx1.FreeBSD.org (Postfix) with SMTP id 8E48343E3B for ; Thu, 29 Aug 2002 06:50:58 -0700 (PDT) (envelope-from karsten@rohrbach.de) Received: (qmail 63709 invoked by uid 1000); 29 Aug 2002 13:51:18 -0000 Date: Thu, 29 Aug 2002 15:51:18 +0200 From: "Karsten W. Rohrbach" To: "Perry E. Metzger" Cc: mipam@ibb.net, Matthias Buelow , =?iso-8859-1?Q?Stefan_Kr=FCger?= , freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org Subject: Re: 1024 bit key considered insecure (sshd) Message-ID: <20020829155118.B63360@mail.webmonster.de> Mail-Followup-To: "Karsten W. Rohrbach" , "Perry E. Metzger" , mipam@ibb.net, Matthias Buelow , =?iso-8859-1?Q?Stefan_Kr=FCger?= , freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org References: <20020828200748.90964.qmail@mail.com> <3D6D3953.6090005@mukappabeta.de> <20020828224330.GE249@localhost> <87k7mamc2s.fsf@snark.piermont.com> <20020829091232.A53344@mail.webmonster.de> <87bs7ln66u.fsf@snark.piermont.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="RASg3xLB4tUQ4RcS" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <87bs7ln66u.fsf@snark.piermont.com>; from perry@piermont.com on Thu, Aug 29, 2002 at 09:30:17AM -0400 X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.webmonster.de/ X-Disclaimer: My opinions do not necessarily represent those of my employer Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --RASg3xLB4tUQ4RcS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Perry E. Metzger(perry@piermont.com)@2002.08.29 09:30:17 +0000: >=20 > "Karsten W. Rohrbach" writes: > > Perry E. Metzger(perry@piermont.com)@2002.08.29 02:08:27 +0000: > > > I do. If someone with millions of dollars to spend on custom designed > > > hardware wants to break into your computer, I assure you that > > > increasing the size of your ssh keys will not stop them. Nor, for that > >=20 > > you missed the concept behind crypto in general, i think. it's not about > > stopping someone from accessing private resources, but rather making > > that approach to make access to these resources /very/ unattractive, by > > increasing the amount of time (and thus $$$) an attacker has to effort > > to get access. >=20 > I would have thought spending at least hundreds of millions off > dollars and (as importantly) at least months of time would have been > considered "unattractive" enough to encourage other methods of getting > at your data like breaking in to your physical location. Silly me. I > guess I missed the concept behind crypto. wasn't meant as a personal assault. defining attractive/unattractive strongly depends on the content you want to protect, sure. of course, at some point gaining physical access becomes more attractive.=20 tracking the evolution of computing machinery nowadays, implementing cryptanalysis in hardware becomes cheaper and faster at an amazing speed. my wild guess is, that through the upcoming broad availability of software programmable hardware that is available today, attacks to crypto in general will become very cheap in a timeframe of months. regards, /k --=20 > "It says he made us all to be just like him. So if we're dumb, then > god is dumb, and maybe even a little ugly on the side." --Frank Zappa WebMonster Community Project -- Reliable and quick since 1998 -- All on BSD http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.= de/ GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6 REVOKED: 0x2964BF46 D/E 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46 REVOKED: 0x4C44DA59 RSA F9 A0 DF 91 74 07 6A 1C 5F 0B E0 6B 4D CD 8C 44 My mail is GnuPG signed - Unsigned ones might be bogus - http://www.gnupg.o= rg/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --RASg3xLB4tUQ4RcS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE9bibWs5Nr9N7JSKYRAvAMAJ41pcA7RL7JZlOp6jiyNKNA5m07VgCfaBd3 blemDploLK4z4oe0gsSaWSc= =oHhC -----END PGP SIGNATURE----- --RASg3xLB4tUQ4RcS-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message