Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

Robert Simmons rsimmons0 at gmail.com
Sun Jun 24 19:34:16 UTC 2012


On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder <feld at feld.me> wrote:
> On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons <rsimmons0 at gmail.com>
> wrote:
>
>> In light of advances in processors and GPUs, what is the potential for
>> duplication of RSA, DSA, and ECDSA keys at the current default key
>> lengths (2048, 1024, and 256 respectively)?
>>
>
> I've been able to duplicate keys for years simply using cp(1)
>
> Define "duplicate". Are you asking about some sort of collision? Are you
> asking about brute forcing an encrypted stream and deducing what the private
> key is?

And as a flip side to the argument, is there a reason not to raise the
default to 4096?  Certainly the same advances in processors make this
size key quite usable.  I've seen no noticeable slowness with 4096 bit
RSA or 521 bit ECDSA.

