Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] What's the length of ssh keys?
I do not believe my original message regarding this was sent.

Here are a few articles which discuss this issue:

http://www.rsasecurity.com/rsalabs/technotes/bernstein.html
http://www.networkcomputing.com/buzzcut/020412bc.html
http://www.vnunet.com/News/1130451

These provide some different views on the issue.

Here is a link to Bernstein's paper if you are mathematically inclined:
http://cr.yp.to/papers.html#nfscircuit

I believe the real issue here is, do you have some secret which is worth
someone spending $1 billion (or even $100 million) to protect? If so, then
more power to you. Granted, the computing power to crack the key is
going to come about at some time in the future (as indicated in various
papers), for much less money. But cryptographic algorithms will be
improved at the same time. Seems that 1024 is strong enough for 99% of
its uses currently.

Just my 2 cents worth (can't even get a gum ball for that anymore).

Jim

7/2/2002 2:18:42 AM, Olaf Kirch <okir@xxxxxxx> wrote:

>On Mon, Jul 01, 2002 at 06:23:45PM +0200, Praise wrote:
>> A friend of mine told me that 1024bit keys were broken, and he advised
>> me to use 4096bit keys...
>> I think he is confusing ssl with ssh.
>> Do you have similar information on this?
>
>There is a paper by Dan Bernstein that discusses how much computing
>power (and money) it would take to build something that's able to brute
>force a 1024 bit RSA key.
>
>Based on this paper, I believe, some people recently drew the conclusion
>that you can build such a thing for 1 billion USD which should be well
>within the budget of several US government agencies. None of this is
>proven, and pretty much of this is based on speculation.
>
>This is, to my knowledge, what this entire "stop using 1024 bit RSA
>keys" discussion is based upon. Whether you consider this a serious
>threat greatly depends on your personal paranoia quotient when it comes
>to said US government agencies.
>
>My personal opinion is, there's no need to panic, and throw away
>all your keys. If you do create a new key, it is a good idea to
>choose a bigger key length if the software supports it.
>
>Olaf
>--
>Olaf Kirch | Anyone who has had to work with X.509 has probably
>okir@xxxxxxx | experienced what can best be described as
>---------------+ ISO water torture. -- Peter Gutmann