[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages to remove from frozen

isn't the problem here that the server is misrepresenting itself? a one bit
difference may not make a less secure key, but it could quite possibly be an
indication of some deception. i worry that altering the client to ignore
this type of error will only open us up to attack, be it man-in-the-middle
or otherwise.

Ben Armstrong (synrg@sanctuary.nslug.ns.ca) wrote:
> On Thu, 9 Mar 2000, Junichi Uekawa wrote:
> > Isn't it that to decrypt 1024 key takes double the amount of
> > CPU time than decrypting 1023 key, as long as there is no other
> > method than brute-force method of trying every combination.
> > 
> > IMO It is a serious security issue, when the system is half as secure
> > and one is not notified. And the person is trying to use a ssh.
> Where 'n' is a "reasonable" amount of time to crack a key using
> brute-force, doubling 'n' does not equate to doubling the security of your
> system.  At the most, you have caused the cracker the minor annoyance of
> having to wait twice as long for a result. 
> Conversely, if '2n' is an "unreasonable" amount of time to crack a key
> using brute-force, halving it to 'n' does not equate to halving the
> security of your system.
> In other words, I rely on my ssh keys being several orders of magnitude
> more difficult to crack than weaker crypto that is crackable in a
> "reasonable" amount of time by brute force.  Whether the keys are 1023 bit
> or 1024 bit is irrelevant.  Both accomplish this goal.
> Ben
> -- 
>     nSLUG       http://www.nslug.ns.ca      synrg@sanctuary.nslug.ns.ca
>     Debian      http://www.debian.org       synrg@debian.org
> [ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0  1B B1 31 ED C6 A9 39 4F ]
> [ gpg key fingerprint = 395C F3A4 35D3 D247 1387  2D9E 5A94 F3CA 0B27 13C8 ]
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

(jacob kuntz)                    jpk@cape.com jake@{megabite,underworld}.net
(megabite systems)                       "think free speech, not free beer."

Reply to: