Yuppa, Steffen Dettmer wrote: [...]

Well, and if you do not trust 1024 Bit, I really wonder why someone should upgrade to 4096 bit. IIRC adding tree bits or so of length would statistical double the needed break time. In that case, going from 1024 to 4096 bit would double 1024 times, that is 2^1024 (and not 2*1024!) which evaluates to

17976931348623159077293051907890247336179769789423065727343008115773\ 26758055009631327084773224075360211201138798713933576587897688144166\ 22492847430639474124377767893424865485276302219601246094119453082952\ 08500576883815068234246288147391311054082723716335051068458629823994\ 7245938479716304835356329624224137216

times. So even 2048 bits are really paranoid - assumed some agency use weeks of computing power of the billion dollar machine to break *your* 1024 SSH/SSL/TLS RSA key..

Quite right. On the other hand, I wouldn't even bet on a 2048 bit key in the wake of recent efforts (and steps forward) in quantum computing, but that's prolly just me. Fact is that good intelligence can be obtained by traffic analysis alone. In most cases, it's not necessary to brute-force into an encrypted message, so the key size alone is a good, but not the only factor in this "game". My $1. Could I have change, please. Boris ---

On Mon, Jul 01, 2002 at 06:23:45PM +0200, Praise wrote:

...

A friend of mine told me that 1024bit keys were broken, and he advised me to use 4096bit keys... I think he is confusing ssl with ssh. Do you have similar information on this?

There is a paper by Dan Bernstein that discusses how much computing

I do not believe my original message regarding this was sent. Here are a few articles which discuss this issue: http://www.rsasecurity.com/rsalabs/technotes/bernstein.html http://www.networkcomputing.com/buzzcut/020412bc.html http://www.vnunet.com/News/1130451 These provide some different views on the issue. Here is a link to Bernstein's paper if you are mathematically inclinded: http://cr.yp.to/papers.html#nfscircuit I believe the real issue here is, do you have some secret which is worth someone spending $1 billion (or even $100 million) to protect? If so, then more power to you. Granted, the computing power to crack the key is going to come about at some time in the future (as indicated in various papers), for much less money. But cryptographic algorythms will be improved at the same time. Seems that 1024 is strong enough for 99% of its uses currently. Just my 2 cents worth (can't even get a gum ball for that anymore). Jim 7/2/2002 2:18:42 AM, Olaf Kirch wrote: power

(and money) it would take to build something that's able to brute force a 1024 bit RSA key.

Based on this paper, I believe, some people recently drew the conclusion that you can build such a thing for 1 billion USD which should be well within the budget of several US government agencies. None of this is proven, and pretty much of this is based on speculation.

This is, to my knowledge, what this entire "stop using 1024 bit RSA keys" discussion is based upon. Whether you consider this a serious threat greatly depends on your personal paranoia quotient when it comes to said US government agencies.

My personal opinion is, there's no need to panic, and throw away all your keys. If you do create a new key, it is a good idea to choose a bigger key length if the software supports it.

Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Hi, I am new to this list and I have a question concerning possible attacks on a webserver I am maintaining at my university. Regular checks of our logfiles turned up some strange requests coming from various IP addresses over the last week. They usually lasted for half an hour leaving the following entries in our logfiles: in /var/log/access_log: xxx.xxx.xxx.xxx - - [01/Jul/2002:19:24:51 +0200] "POST /index.php HTTP/1.1" 200 12781 ... (every 5 secs.) in /var/log/error_log: [Mon Jul 1 19:24:48 2002] [notice] child pid 877 exit signal Segmentation fault (11) ... (roughly 4000 segfaults altogether) The machine is running SuSE 7.3 with the following packages that may be related to these events: nue007:~ # rpm -q --all | grep "apache\|php" apache-devel-1.3.20-66 mod_php4-core-4.0.6-160 mod_php4-4.0.6-160 phpMyAdmin-2.2.0-21 apache-doc-1.3.20-66 apache-1.3.20-66 Perhaps this is nothing to worry about, but I was not sure and had a look on the internet. I assumed a connection with the PHP file upload vulnerabilities and exploits as discussed in http://www.cert.org/advisories/CA-2002-05.html, http://lists.insecure.org/vuln-dev/2002/Mar/0025.html and http://lists2.suse.com/archive/suse-security/2002-Jun/0414.html but thought that these were already patched using the above packages as described in http://www.suse.de/de/support/security/2002_007_mod_php4_txt.html. Does anybody know if there are other explanations for these segfaults? Am I still vulnerable even after doing regular security updates of all packages? How can I find out if my machine has been hacked? Perhaps this information is available somewhere on the Internet, but I didn´t find anything and am hoping that someone on this list can give me a hint. Thanks in advance, Bastian