From owner-freebsd-security Tue Mar 26 9:57: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by hub.freebsd.org (Postfix) with SMTP id 712A737B416 for ; Tue, 26 Mar 2002 09:56:53 -0800 (PST) Received: (qmail 23307 invoked by uid 1000); 26 Mar 2002 17:57:14 -0000 Date: Tue, 26 Mar 2002 18:57:14 +0100 From: "Karsten W. Rohrbach" To: Mike Silbersack Cc: Colin Percival , freebsd-security@freebsd.org Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys? Message-ID: <20020326185714.F22539@mail.webmonster.de> Mail-Followup-To: "Karsten W. Rohrbach" , Mike Silbersack , Colin Percival , freebsd-security@freebsd.org References: <5.0.2.1.1.20020326024955.02392830@popserver.sfu.ca> <20020326034234.Q10197-100000@patrocles.silby.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="aPdhxNJGSeOG9wFI" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020326034234.Q10197-100000@patrocles.silby.com>; from silby@silby.com on Tue, Mar 26, 2002 at 03:47:49AM -0600 X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.webmonster.de/ X-Disclaimer: My opinions do not necessarily represent those of my employer X-Work-URL: http://www.ngenn.net/ X-Work-Address: nGENn GmbH, Schloss Kransberg, D-61250 Usingen-Kransberg, Germany X-Work-Phone: +49-6081-682-304 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --aPdhxNJGSeOG9wFI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Mike Silbersack(silby@silby.com)@2002.03.26 03:47:49 +0000: >=20 > Versions of ssh which use RSAREF (those compiled before the patent ended, > basically) can't handle keys over 1024 bits in length, IIRC. Hence, you'd > have to be very careful when bumping up the size of sshv1 keys on a system > which may have old clients connection. shouldn't the v1 protocol be killed anyway? ;-) i guess in the states you still got a lot of rsa driven clients, eh? in case of field upgradeability of the clients, i would switch to v2 (which actually is what i did on several public systems) and the users are very happy about the new features (like twofish, etc) that it gives them. /k --=20 > "Niklaus Wirth has lamented that, whereas Europeans pronounce his name > correctly (Ni-klows Virt), Americans invariably mangle it into > (Nick-les Worth). Which is to say that Europeans call him by name, but > Americans call him by value." KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --aPdhxNJGSeOG9wFI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8oLZ5M0BPTilkv0YRAiBmAJ42BQLdQEl7c/LKTS2xKADGuErThQCfZCMc OmngsG5Uwgp70naam39n5tQ= =wf/t -----END PGP SIGNATURE----- --aPdhxNJGSeOG9wFI-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message