Re: Packages to remove from frozen
isn't the problem here that the server is misrepresenting itself? a one bit
difference may not make a less secure key, but it could quite possibly be an
indication of some deception. i worry that altering the client to ignore
this type of error will only open us up to attack, be it man-in-the-middle
or otherwise.
Ben Armstrong (synrg@sanctuary.nslug.ns.ca) wrote:
> On Thu, 9 Mar 2000, Junichi Uekawa wrote:
> > Isn't it the case that decrypting a 1024 key takes double the amount of
> > CPU time of decrypting a 1023 key, as long as there is no other
> > method than the brute-force method of trying every combination?
> >
> > IMO it is a serious security issue when the system is half as secure
> > and one is not notified, and the person is trying to use ssh.
>
> Where 'n' is a "reasonable" amount of time to crack a key using
> brute-force, doubling 'n' does not equate to doubling the security of your
> system. At the most, you have caused the cracker the minor annoyance of
> having to wait twice as long for a result.
>
> Conversely, if '2n' is an "unreasonable" amount of time to crack a key
> using brute-force, halving it to 'n' does not equate to halving the
> security of your system.
>
> In other words, I rely on my ssh keys being several orders of magnitude
> more difficult to crack than weaker crypto that is crackable in a
> "reasonable" amount of time by brute force. Whether the keys are 1023 bit
> or 1024 bit is irrelevant. Both accomplish this goal.
>
> Ben
> --
> nSLUG http://www.nslug.ns.ca synrg@sanctuary.nslug.ns.ca
> Debian http://www.debian.org synrg@debian.org
> [ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0 1B B1 31 ED C6 A9 39 4F ]
> [ gpg key fingerprint = 395C F3A4 35D3 D247 1387 2D9E 5A94 F3CA 0B27 13C8 ]
--
(jacob kuntz) jpk@cape.com jake@{megabite,underworld}.net
(megabite systems) "think free speech, not free beer."