Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
Here is a set of patches that add functionality to rc.conf allowing users an easy way to control the length of the host keys used with ssh (specifically RSA and ECDSA used with protocol version 2). I would like to also discuss the merits of changing FreeBSD's default behavior to using 4096 bit RSA

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Bjoern A. Zeeb
On 24. Jun 2012, at 16:07 , Robert Simmons wrote: > Here is a set of patches that add functionality to rc.conf allowing > users an easy way to control the length of the host keys used with ssh > (specifically RSA and ECDSA used with protocol version 2). Created for, not used with -- right? The

Re: Add rc.conf variables to control host key length

2012-06-24 Thread J. Hellenthal
On Sun, Jun 24, 2012 at 04:34:04PM +, Bjoern A. Zeeb wrote: > > On 24. Jun 2012, at 16:07 , Robert Simmons wrote: > > > Here is a set of patches that add functionality to rc.conf allowing > > users an easy way to control the length of the host keys used with ssh > > (specifically RSA and EC

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb wrote: > On 24. Jun 2012, at 16:07 , Robert Simmons wrote: >> Here is a set of patches that add functionality to rc.conf allowing >> users an easy way to control the length of the host keys used with ssh >> (specifically RSA and ECDSA used with prot

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal wrote: > These are more than sufficient for any normal ssh use. I'm sorry if I sound rude, but I wanted to have a bit more of a substantive discussion than quoting the man pages. Especially since what you are quoting dates back to a change to src/c

Re: Add rc.conf variables to control host key length

2012-06-24 Thread J. Hellenthal
On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote: > On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal > wrote: > > These are more than sufficient for any normal ssh use. > > I'm sorry if I sound rude, but I wanted to have a bit more of a > substantive discussion than quoting the ma

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal wrote: > On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote: >> On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal >> wrote: >> > These are more than sufficient for any normal ssh use. >> >> I'm sorry if I sound rude, but I wanted to have a

Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread Robert Simmons
In light of advances in processors and GPUs, what is the potential for duplication of RSA, DSA, and ECDSA keys at the current default key lengths (2048, 1024, and 256 respectively)? ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/ma

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal wrote: > Unfortunately I see that as a different thread "Hardware potential to > duplicate existing host keys... RSA DSA ECDSA" New thread started.

Re: Add rc.conf variables to control host key length

2012-06-24 Thread J. Hellenthal
On Sun, Jun 24, 2012 at 02:26:02PM -0400, Robert Simmons wrote: > On Sun, Jun 24, 2012 at 2:15 PM, J. Hellenthal wrote: > > On Sun, Jun 24, 2012 at 01:26:21PM -0400, Robert Simmons wrote: > >> On Sun, Jun 24, 2012 at 12:59 PM, J. Hellenthal > >> wrote: > >> > These are more than sufficient for

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread J. Hellenthal
On Sun, Jun 24, 2012 at 02:34:45PM -0400, Robert Simmons wrote: > In light of advances in processors and GPUs, what is the potential for > duplication of RSA, DSA, and ECDSA keys at the current default key > lengths (2048, 1024, and 256 respectively)? Just missed this one... http://en.wikipedia

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread Mark Felder
On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons wrote: In light of advances in processors and GPUs, what is the potential for duplication of RSA, DSA, and ECDSA keys at the current default key lengths (2048, 1024, and 256 respectively)? I've been able to duplicate keys for years simply

Re: Add rc.conf variables to control host key length

2012-06-24 Thread J. Hellenthal
On Sun, Jun 24, 2012 at 03:14:51PM -0400, Garrett Wollman wrote: > < said: > > > 2048 is well more than efficient. Speaking solely for RSA in that matter. > > I asked R. about that a few months back, and he expressed the view > that 2,048 bits is the *minimum* RSA key size anyone should conside

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder wrote: > On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons > wrote: > >> In light of advances in processors and GPUs, what is the potential for >> duplication of RSA, DSA, and ECDSA keys at the current default key >> lengths (2048, 1024, and 256 respe

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder wrote: > On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons > wrote: > >> In light of advances in processors and GPUs, what is the potential for >> duplication of RSA, DSA, and ECDSA keys at the current default key >> lengths (2048, 1024, and 256 respe

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
Just to go back to the beginning of the thread, sorry: other than the wording of generate/create vs use with, does anyone see any other problems with the patches?

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread J. Hellenthal
On Sun, Jun 24, 2012 at 03:34:15PM -0400, Robert Simmons wrote: > On Sun, Jun 24, 2012 at 2:56 PM, Mark Felder wrote: > > On Sun, 24 Jun 2012 13:34:45 -0500, Robert Simmons > > wrote: > > > >> In light of advances in processors and GPUs, what is the potential for > >> duplication of RSA, DSA, a

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread Dag-Erling Smørgrav
Robert Simmons writes: > In light of advances in processors and GPUs, what is the potential for > duplication of RSA, DSA, and ECDSA keys at the current default key > lengths (2048, 1024, and 256 respectively)? You do know that these keys are used only for authentication, and not for encryption,

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav wrote: > Robert Simmons writes: >> In light of advances in processors and GPUs, what is the potential for >> duplication of RSA, DSA, and ECDSA keys at the current default key >> lengths (2048, 1024, and 256 respectively)? > > You do know that

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Doug Barton
On 06/24/2012 09:07, Robert Simmons wrote: > Here is a set of patches that add functionality to rc.conf allowing > users an easy way to control the length of the host keys used with ssh Sorry, this doesn't belong in rc.d. The defaults are more than sufficient for the overwhelming majority of FreeB

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Garrett Wollman
< said: > 2048 is well more than efficient. Speaking solely for RSA in that matter. I asked R. about that a few months back, and he expressed the view that 2,048 bits is the *minimum* RSA key size anyone should consider using at this point. I'm willing to take his word for it. -GAWollman

Re: Hardware potential to duplicate existing host keys... RSA DSA ECDSA was Add rc.conf variables...

2012-06-24 Thread RW
On Sun, 24 Jun 2012 17:23:47 -0400 Robert Simmons wrote: > On Sun, Jun 24, 2012 at 5:18 PM, Dag-Erling Smørgrav > wrote: > > Robert Simmons writes: > >> In light of advances in processors and GPUs, what is the potential > >> for duplication of RSA, DSA, and ECDSA keys at the current default > >>

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Bjoern A. Zeeb
On 24. Jun 2012, at 17:14 , Robert Simmons wrote: > On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb > wrote: >> On 24. Jun 2012, at 16:07 , Robert Simmons wrote: >>> Here is a set of patches that add functionality to rc.conf allowing >>> users an easy way to control the length of the host keys

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 9:46 PM, Bjoern A. Zeeb wrote: > > On 24. Jun 2012, at 17:14 , Robert Simmons wrote: > >> On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb >> wrote: >>> On 24. Jun 2012, at 16:07 , Robert Simmons wrote: Here is a set of patches that add functionality to rc.conf allowi

Re: Add rc.conf variables to control host key length

2012-06-24 Thread Robert Simmons
On Sun, Jun 24, 2012 at 9:46 PM, Bjoern A. Zeeb wrote: > > On 24. Jun 2012, at 17:14 , Robert Simmons wrote: > >> On Sun, Jun 24, 2012 at 12:34 PM, Bjoern A. Zeeb >> wrote: >>> On 24. Jun 2012, at 16:07 , Robert Simmons wrote: Here is a set of patches that add functionality to rc.conf allowi