Jacob Bachmeyer via cfarm-users <cfarm-users@lists.tetaneutral.net> writes:
>512-bit RSA is definitely breakable and should not be used for a long-term
>key. 768 bits is also too short; 1024 is currently marginal and definitely
>not suitable for a high-value target, but impersonating a cfarm host will not
>get an attacker much other than (eventually) caught.

In this case it's really just a nuisance (in terms of getting warnings about 512-bit keys), they're public machines that anyone can request an account on, used to test open-source software that anyone can get a copy of. It's a bit like the joke that (Moxie Marlinspike?) made about people being paranoid about encryption security being broken by the US government while accessing public web sites run by the US government.

Same with the use of SHA-1, the attacks are chosen-prefix offline attacks which means the attacker gets to select the initial state and then spend as much time as they like on getting a collision, neither of which apply to SSH, TLS, IPsec, etc.

So apart from the nuisance warnings there's not much need to do anything, particularly if they're older systems that would be problematic to move to newer SSH versions.

Peter.