On Fri, Mar 21, 2014 at 12:15 PM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote:
> those limits suggest that the size is 128kiB on anything resembling a
> modern Linux system. How about other platforms?
> ssh-keygen doesn't generate anything greater than 16384 bits (16Kib, or
> 2KiB), and very few people use anything even close to that size. using
> base64 encoding inflates the size to 4/3, so we're talking about < 3KiB
> for the full base64-encoded, largest possible public key.
>
> More modern keys (EdDSA or ECDSA) are much much smaller.
>
> I'm glad you're thinking about size limits for env and argv, but i don't
> think this is even close to the size limits of realistic systems.

Even though ssh-keygen doesn't produce anything larger than 16384 bits,
wouldn't it be possible for somebody to craft a key that is larger to
attempt a buffer overflow?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
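The question above, seen from the receiving side, as an added example that is not part of the original thread and is not OpenSSH code: a consumer of a base64 key blob enforces its own length cap and checks the decoded size against the destination buffer before writing, instead of relying on what ssh-keygen will generate. The names `decode_key_blob` and `MAX_KEY_B64` are hypothetical, and the 3072-character cap is an assumption taken from the "< 3KiB" estimate in the quoted message.

```c
#include <stddef.h>

/* Assumed cap, from the thread's "< 3KiB" estimate for the largest base64 key. */
#define MAX_KEY_B64 3072

static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode an untrusted base64 key blob into out[outcap]. Returns the decoded
 * length, or -1 if the input is oversized, malformed, or would not fit. */
long decode_key_blob(const char *b64, unsigned char *out, size_t outcap)
{
    size_t n, i, pad = 0, need, o = 0;

    if (b64 == NULL || out == NULL) return -1;
    for (n = 0; n <= MAX_KEY_B64 && b64[n] != '\0'; n++)
        ;                                   /* never scan past the cap */
    if (n == 0 || n > MAX_KEY_B64 || n % 4 != 0) return -1;
    if (b64[n - 1] == '=') pad = (b64[n - 2] == '=') ? 2 : 1;
    need = n / 4 * 3 - pad;
    if (need > outcap) return -1;           /* size check before any write */

    for (i = 0; i < n; i += 4) {
        int v[4], k; unsigned long w;
        for (k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)b64[i + k];
            if (c == '=' && i + k >= n - pad) v[k] = 0;   /* trailing pad only */
            else if ((v[k] = b64_val(c)) < 0) return -1;  /* bad character */
        }
        w = ((unsigned long)v[0] << 18) | (v[1] << 12) | (v[2] << 6) | v[3];
        if (o < need) out[o++] = (w >> 16) & 0xff;
        if (o < need) out[o++] = (w >> 8) & 0xff;
        if (o < need) out[o++] = w & 0xff;
    }
    return (long)o;
}
```

A crafted blob longer than the cap is rejected before any byte is decoded, so the size of the destination buffer never depends on the sender's choice of key size.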