Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

RW rwmaillists at googlemail.com
Mon Jun 25 01:31:09 UTC 2012


On Sun, 24 Jun 2012 17:23:47 -0400
Robert Simmons wrote:

> On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav <des at des.no>
> wrote:
> > Robert Simmons <rsimmons0 at gmail.com> writes:
> >> In light of advanced in processors and GPUs, what is the potential
> >> for duplication of RSA, DSA, and ECDSA keys at the current default
> >> key lengths (2048, 1024, and 256 respectively)?
> >
> > You do know that these keys are used only for authentication, and
> > not for encryption, right?
> 
> Yes, the encryption key length is determined by which symmetric cipher
> is negotiated between the client and server based on what is available
> from the Ciphers line in sshd_config and ssh_config.

I'm not very familiar with ssh, but surely they're also used for
session-key exchange, which makes them crucial to encryption. They
should be as secure as the strongest symmetric cipher they need to work
with.


More information about the freebsd-security mailing list