[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages to remove from frozen

On Thu, 9 Mar 2000, Junichi Uekawa wrote:
> Isn't it that to decrypt 1024 key takes double the amount of
> CPU time than decrypting 1023 key, as long as there is no other
> method than brute-force method of trying every combination.
> IMO It is a serious security issue, when the system is half as secure
> and one is not notified. And the person is trying to use a ssh.

Where 'n' is a "reasonable" amount of time to crack a key using
brute-force, doubling 'n' does not equate to doubling the security of your
system.  At the most, you have caused the cracker the minor annoyance of
having to wait twice as long for a result. 

Conversely, if '2n' is an "unreasonable" amount of time to crack a key
using brute-force, halving it to 'n' does not equate to halving the
security of your system.

In other words, I rely on my ssh keys being several orders of magnitude
more difficult to crack than weaker crypto that is crackable in a
"reasonable" amount of time by brute force.  Whether the keys are 1023 bit
or 1024 bit is irrelevant.  Both accomplish this goal.

    nSLUG       http://www.nslug.ns.ca      synrg@sanctuary.nslug.ns.ca
    Debian      http://www.debian.org       synrg@debian.org
[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]

Reply to: