Date: Tue, 26 Mar 2002 03:47:49 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Colin Percival <colin.percival@wadham.ox.ac.uk>
Cc: freebsd-security@freebsd.org
Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys?
Message-ID: <20020326034234.Q10197-100000@patrocles.silby.com>
In-Reply-To: <5.0.2.1.1.20020326024955.02392830@popserver.sfu.ca>

On Tue, 26 Mar 2002, Colin Percival wrote:

> Is there any other reason for not changing the default key size?
>
> Colin Percival

Versions of ssh which use RSAREF (those compiled before the patent ended, basically) can't handle keys over 1024 bits in length, IIRC. Hence, you'd have to be very careful when bumping up the size of sshv1 keys on a system which may have old clients connecting.

However, I think it _would_ be safe to bump up the sshv1 session key from 768 to the largest possible key < 1024 bits in the default options. (I would say 1024 bits, but I believe that there's also some stipulation that host key length != session key length.)

Mike "Silby" Silbersack