Re: Legacy option for key length?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello,

On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx
> wrote:

> On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote:
>
>
> > Perhaps if you're dead-set on this being so dangerous,
>
> It's not the developers who are dead-set on weak-keyed RSA being
> insecure, it's the cryptanalysts who have shown that to be the case :)
>


​To further supplement this point, here is the paper that explain how
RSA-768 was factorized. In 2010, the authors estimated that it would take
around 1500 years to a single-core machine of this generation to ​do the
same thing. We're 7 years after their first results, and we now have access
to massive cloud-based behemoths for a discount. How much time would it
resist?

The idea of removing weak ciphers from a widely used piece of software is a
good one - that way, you strengthen the whole ecosystem. Going the reverse
path would simply make less informed people be the weak link of the
Internet, putting possibly many more at risk.

Best regards,

-- Emmanuel Deloget
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux