Date: Thu, 29 Aug 2002 15:40:30 -0400
From: "Peter C. Lai"
Reply-To: peter.lai@uconn.edu
To: "Karsten W. Rohrbach"
Cc: "Perry E. Metzger", mipam@ibb.net, Matthias Buelow, Stefan Kr?ger, freebsd-security@FreeBSD.org, tech-security@netbsd.org, misc@openbsd.org
Subject: Re: 1024 bit key considered insecure (sshd)
Message-ID: <20020829194030.GA4593@cowbert.2y.net>
In-Reply-To: <20020829183858.A68055@mail.webmonster.de>

On Thu, Aug 29, 2002 at 06:38:58PM +0200, Karsten W. Rohrbach wrote:
> Perry E. Metzger(perry@piermont.com)@2002.08.29 10:15:34 +0000:
> >
> > "Karsten W. Rohrbach" writes:
> > > tracking the evolution of computing machinery nowadays, implementing
> > > cryptanalysis in hardware becomes cheaper and faster at an amazing
> > > speed. my wild guess is, that through the upcoming broad availability of
> > > software programmable hardware that is available today, attacks to
> > > crypto in general will become very cheap in a timeframe of months.
> >
> > If you can attack 1024 bit keys cheaply a few months from now, please
> > let us know. Where I live, Moore's law still observes things double
> > every 18 months, not every 18 hours.
>
> http://rcc.lanl.gov/index.php as a starting point. screw Moore's law, if
> the problem can be parallelized. ;-)

The problem can already be parallelized. These are all searching algorithms (either pure brute force or using a sieve to shrink the keyspace that needs to be tested), and are not 'cryptanalyst' attacks per se. The sieve may reduce the keyspace that needs to be checked by a linear factor, but as someone pointed out, the number of keys to be tested grows exponentially with each bit added to the key.

Furthermore, why worry about 1024-bit keys now? In 10 years when people *can* crack 1024-bit keys like peanuts, we will all have switched to OTPs or use some absurd key length. I'd rather worry about the 2038 deadline imho.

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
Yale University School of Medicine
Center for Medical Informatics | Research Assistant
http://cowbert.2y.net/
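The exchange above turns on one arithmetic fact: a linear speedup (more machines, or a sieve that discards a constant fraction of candidates) removes only log2 of that factor from the key's effective length, while every added key bit doubles the search. The following script, added here as an illustration and not code from anyone in the thread, makes that concrete for an exhaustive keyspace search in the framing Peter uses: it converts a parallel/sieve factor into lost bits, and converts Moore's-law doublings (18 months each, as Perry quotes) into the years before a search of a given length fits a one-year budget. The per-machine rate of one billion trial keys per second and the budget are constructed assumptions. Note that this models only exhaustive search; the practical attack on a 1024-bit RSA key is factoring, whose cost grows subexponentially in the key length and so is not described by this doubling-per-bit curve.

```python
import math

# Constructed parameters for the illustration; they are not figures from the thread.
SECONDS_PER_YEAR = 365.25 * 86400
DOUBLING_MONTHS = 18  # Moore's-law doubling period as quoted in the thread


def effective_bits(key_bits, parallel_factor=1.0, sieve_factor=1.0):
    """Bits of search strength left after linear speedups.

    Running the search on k machines, or shrinking the candidate set by a
    sieve factor s, removes only log2(k * s) bits: a million-fold speedup
    costs about 20 bits, not a million bits.
    """
    return key_bits - math.log2(parallel_factor * sieve_factor)


def log2_search_years(key_bits, keys_per_second, parallel_factor=1.0, sieve_factor=1.0):
    """log2 of the expected wall-clock years for an exhaustive search.

    Expected work is half the keyspace, i.e. 2**(key_bits - 1) trials.
    Working in the log domain keeps very long keys from overflowing a float.
    """
    rate = keys_per_second * parallel_factor * sieve_factor
    return (key_bits - 1) - math.log2(rate) - math.log2(SECONDS_PER_YEAR)


def expected_search_years(key_bits, keys_per_second, parallel_factor=1.0, sieve_factor=1.0):
    """Expected years for the search as a plain number (fine up to ~1024-bit keys)."""
    return 2.0 ** log2_search_years(key_bits, keys_per_second, parallel_factor, sieve_factor)


def years_until_feasible(key_bits, keys_per_second, budget_years=1.0,
                         doubling_months=DOUBLING_MONTHS):
    """Years of hardware doublings before the search fits within budget_years.

    Each doubling of throughput buys exactly one bit, so the wait is linear in
    the number of 'headroom' bits: headroom times the doubling period.
    """
    headroom_bits = log2_search_years(key_bits, keys_per_second) - math.log2(budget_years)
    if headroom_bits <= 0:
        return 0.0
    return headroom_bits * doubling_months / 12


if __name__ == "__main__":
    rate = 1e9  # constructed: one billion trial keys per second on one machine
    for bits in (56, 64, 80, 128, 1024):
        print(f"{bits:5d}-bit: {expected_search_years(bits, rate):.3e} years on one machine; "
              f"fits in a year after {years_until_feasible(bits, rate):.0f} years of doublings")
    # A million machines in parallel still leave a 1024-bit search with ~1004 bits of work.
    print("1024-bit search on 2**20 machines:", effective_bits(1024, parallel_factor=2 ** 20),
          "effective bits")
```

Reading the output: going from 64 to 65 bits exactly doubles the expected years, a 2^20-fold parallel farm only trims 20 bits, and at 18 months per bit the gap between a one-machine 1024-bit search and a one-year budget is on the order of fourteen centuries of doublings. That is the sense in which "the problem can be parallelized" does not by itself overturn the exponential cost, and also why parallel hardware is a concern only once combined with an algorithm (like factoring) that changes the curve rather than the constant.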