Re: Factorization of a 768-bit RSA modulus

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu 2015-01-08 09:15:20 -0500, Fedor Brunner wrote:
> ssh-keygen.c contains condition
>
>      else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
>              fatal("Key must at least be 768 bits");
>
> Please increase the minimal RSA key length.
>
>
> https://eprint.iacr.org/2010/006
> This paper reports on the factorization of the 768-bit number RSA-768 by
> the number field sieve factoring method

This seems to still be the case:

https://anongit.mindrot.org/openssh.git/tree/ssh-keygen.c#n216

a minimum of 1024 bits would still be low, but it would be better than
768.

Arguably, modern SSH clients and servers shouldn't even accept 768-bit
keys, let alone generate them.

Is there interest upstream in raising this floor?

   --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux