Date: Wed, 28 Aug 2002 13:42:48 -0700
From: Colin Percival <Colin_Percival@sfu.ca>
To: veedee@c7.campus.utcluj.ro
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: 1024 bit key considered insecure (sshd)
Message-ID: <5.0.2.1.1.20020828132755.0284b2a8@popserver.sfu.ca>
In-Reply-To: <20020828232624.A9280@c7.campus.utcluj.ro>
References: <20020828200748.90964.qmail@mail.com> <20020828200748.90964.qmail@mail.com>

At 23:26 28/08/2002 +0300, veedee@c7.campus.utcluj.ro wrote:
>Just out of curiosity, can anyone with access to a gigabit network run some
>tests and tell us the difference between using several different keys? Like
>1024, 1280, 2048, 4096.
>I'm curious if a bigger key really slows down the operation as Bruce Schneier
>implies ("Doubling the key size roughly corresponds to a six-times speed
>slowdown in software").

It does slow things down to that extent (assuming O(n^1.585)
multiplication, which is typical), for the asymmetric encryption
operations. Once the connection is set up, symmetric encryption is used.
Moving from 1024 bits up to 4096 bits would, on a typical machine, cause
the connection setup to take half a second instead of a hundredth of a
second, but beyond that there would be no difference.

When I brought this up earlier
(http://groups.google.com/groups?threadm=5.0.2.1.1.20020326024955.02392830%40popserver.sfu.ca)
there was a concern about breaking v1 clients using the RSAREF library.

Colin Percival
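
The scaling discussed in this message can be measured directly. The sketch below is an added example, not part of the original e-mail: it times one full-size modular exponentiation (a rough stand-in for the RSA private-key operation, without CRT) at 1024, 2048 and 4096 bits and compares it with the n^(1 + 1.585) cost model. The random odd moduli are constructed test values, not real RSA keys, and the function names are hypothetical.

```python
import math
import secrets
import time

# Karatsuba multiplication exponent, log2(3) ~ 1.585, as assumed in the message.
KARATSUBA_EXPONENT = math.log2(3)


def predicted_slowdown(size_factor, mul_exponent=KARATSUBA_EXPONENT):
    """Cost model: an n-bit modular exponentiation does about n multiplications
    of n-bit numbers, so total cost grows as n^(1 + mul_exponent)."""
    return size_factor ** (1 + mul_exponent)


def random_odd(bits):
    """Constructed stand-in for a modulus or exponent: random, odd, top bit set."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def time_modexp(bits, repeats=5):
    """Best-of-N wall time for one full-size modular exponentiation."""
    modulus, exponent = random_odd(bits), random_odd(bits)
    base = secrets.randbits(bits - 1)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pow(base, exponent, modulus)
        best = min(best, time.perf_counter() - start)
    return best


def measure(sizes=(1024, 2048, 4096)):
    """Return {bits: seconds} for each key size."""
    return {bits: time_modexp(bits) for bits in sizes}


if __name__ == "__main__":
    timings = measure()
    baseline = timings[1024]
    for bits, seconds in timings.items():
        print(f"{bits:5d} bits: {seconds * 1e3:8.3f} ms  "
              f"measured x{seconds / baseline:6.1f}  "
              f"model x{predicted_slowdown(bits / 1024):6.1f}")
```

Measured ratios depend on the big-integer implementation and on whether CRT is used, so treat the model as a rough guide; the cost applies only to connection setup, as the message notes.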
