Date: Tue, 26 Mar 2002 18:57:14 +0100 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Mike Silbersack <silby@silby.com> Cc: Colin Percival <colin.percival@wadham.ox.ac.uk>, freebsd-security@freebsd.org Subject: Re: It's time for those 2048-, 3072-, and 4096-bit keys? Message-ID: <20020326185714.F22539@mail.webmonster.de> In-Reply-To: <20020326034234.Q10197-100000@patrocles.silby.com>; from silby@silby.com on Tue, Mar 26, 2002 at 03:47:49AM -0600 References: <5.0.2.1.1.20020326024955.02392830@popserver.sfu.ca> <20020326034234.Q10197-100000@patrocles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--aPdhxNJGSeOG9wFI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Mike Silbersack(silby@silby.com)@2002.03.26 03:47:49 +0000: >=20 > Versions of ssh which use RSAREF (those compiled before the patent ended, > basically) can't handle keys over 1024 bits in length, IIRC. Hence, you'd > have to be very careful when bumping up the size of sshv1 keys on a system > which may have old clients connection. shouldn't the v1 protocol be killed anyway? ;-) i guess in the states you still got a lot of rsa driven clients, eh? in case of field upgradeability of the clients, i would switch to v2 (which actually is what i did on several public systems) and the users are very happy about the new features (like twofish, etc) that it gives them. /k --=20 > "Niklaus Wirth has lamented that, whereas Europeans pronounce his name > correctly (Ni-klows Virt), Americans invariably mangle it into > (Nick-les Worth). Which is to say that Europeans call him by name, but > Americans call him by value." KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --aPdhxNJGSeOG9wFI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8oLZ5M0BPTilkv0YRAiBmAJ42BQLdQEl7c/LKTS2xKADGuErThQCfZCMc OmngsG5Uwgp70naam39n5tQ= =wf/t -----END PGP SIGNATURE----- --aPdhxNJGSeOG9wFI-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020326185714.F22539>