Date: Tue, 26 Mar 2002 03:37:10 +0000 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: freebsd-security@freebsd.org Subject: It's time for those 2048-, 3072-, and 4096-bit keys? Message-ID: <5.0.2.1.1.20020326024955.02392830@popserver.sfu.ca>
next in thread | raw e-mail | index | archive | help
In light of DJB's widely-cited paper (http://cr.yp.to/papers.html#nfscircuit) on integer factorization circuits, along with subsequent analysis which suggests that such attacks might be practical, is it time to change the default key sizes in OpenSSH? While the practicality of the cracking machine proposed is still a matter of debate, it seems that the risk is sufficient, and the cost of increasing key sizes is sufficiently small, that there is little justfication for not switching to a larger default key size. While a couple years ago it might have been argued that the initial cost of generating longer keys would be excessive, I can now generate a 4096-bit in about 30 seconds on a rather low-end box, so I don't think key generation time is particularly relevant any more. Is there any other reason for not changing the default key size? Colin Percival To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20020326024955.02392830>