Subject: Re: 1024 bit key considered insecure (sshd)
To: None <>
From: Perry E. Metzger <>
List: tech-security
Date: 08/29/2002 02:08:27
Mipam <> writes:
> On Wed, Aug 28, 2002 at 10:57:55PM +0200, Matthias Buelow wrote:
> > >and maybe we should update our rc scripts,
> > >so that ssh-keygen generates at least 1280 Bit keys
> > 
> > I think this is highly overrated and only of theoretical
> > value for most *BSD users.
> I dont think its too much overrated and theoretical.

I do. If someone with millions of dollars to spend on custom designed
hardware wants to break into your computer, I assure you that
increasing the size of your ssh keys will not stop them. Nor, for that
matter, would the slow and tedious process of cracking your ssh keys
be nearly as efficient as the more pragmatic alternatives.

That said, those running on newer hardware can probably reasonably use
larger keys if they wish.

Perry E. Metzger
"Ask not what your country can force other people to do for you..."