Hardware potential to duplicate existing host keys... RSA DSA
ECDSA was Add rc.conf variables...
J. Hellenthal
jhellenthal at dataix.net
Mon Jun 25 16:09:13 UTC 2012
On Mon, Jun 25, 2012 at 02:31:04AM +0100, RW wrote:
> On Sun, 24 Jun 2012 17:23:47 -0400
> Robert Simmons wrote:
>
> > On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav <des at des.no>
> > wrote:
> > > Robert Simmons <rsimmons0 at gmail.com> writes:
> > >> In light of advanced in processors and GPUs, what is the potential
> > >> for duplication of RSA, DSA, and ECDSA keys at the current default
> > >> key lengths (2048, 1024, and 256 respectively)?
> > >
> > > You do know that these keys are used only for authentication, and
> > > not for encryption, right?
> >
> > Yes, the encryption key length is determined by which symmetric cipher
> > is negotiated between the client and server based on what is available
> > from the Ciphers line in sshd_config and ssh_config.
>
> I'm not very familiar with ssh, but surely they're also used for
> session-key exchange, which makes them crucial to encryption. They
> should be as secure as the strongest symmetric cipher they need to work
> with.
This should give you a good outline of it.
http://www.linuxjournal.com/article/9566
--
- (2^(N-1))
More information about the freebsd-security
mailing list