Date: Sat, 13 Apr 2002 01:27:07 +1000
From: Joshua Goodall <joshua@roughtrade.net>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: Archie Cobbs <archie@dellroad.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, des@freebsd.org
Subject: Re: cvs commit: src/crypto/openssh servconf.c
Message-ID: <20020412152707.GD8927@roughtrade.net>
In-Reply-To: <200204120313.g3C3DnP83776@khavrinen.lcs.mit.edu>
References: <200204112204.g3BM4eK56395@freefall.freebsd.org> <200204120044.g3C0i7W08442@arch20m.dellroad.org> <200204120313.g3C3DnP83776@khavrinen.lcs.mit.edu>

On Thu, Apr 11, 2002 at 11:13:49PM -0400, Garrett Wollman wrote:
> I'm not DES, but I can at least make a crack at it.
>
> RSA and DSA are believed to be of comparable cryptographic strength,
> given the key sizes commonly used today.

At the recent Financial Cryptography '02 panel debates, it was put forward that 1024-bit RSA cracking was now well within the cost bounds of many governments and corporations. On the edge of paranoia, some people are now revoking 1024-bit RSA keys and replacing them with 2048-bit keys.

DSA's strength, like Diffie-Hellman's, is based on the problem of finding discrete logs in finite fields. I'm no cryptographer, but last I looked, the difficulty bounded RSA's; that is, if you have a general algorithm to find those logs swiftly (i.e. broke DSA) then you can also factor large primes (i.e. you broke RSA).

See also: http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH which appears to suggest that the discrete-logs-based publickey systems are evaluating as "stronger", although falls shy of actually recommending DSA over RSA.

> IIRC, when the SSHv2 protocol is officially blessed by the IETF,
> RSA will be required and DSA will be an option.

Other way around, I think - the current SecSH draft lists ssh-dss (that is, DSA) as the only REQUIRED public key type, with RSA as RECOMMENDED. It's at: http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-14.txt

I personally was happy with the 1024-bit DSA key choice that was in place prior to the 3.1 import, and am less comfortable with the 1024-bit RSA that some bleeding-edge cypherpunks are already revoking.

Joshua