Legacy option for key length?
Emmanuel Deloget
logout at free.fr
Mon Jan 1 05:28:08 AEDT 2018
On Sun, Dec 31, 2017 at 7:24 PM, Emmanuel Deloget <logout at free.fr> wrote:
> Hello,
>
> On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <
> dkg at fifthhorseman.net> wrote:
>
>> On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote:
>>
>>
>> > Perhaps if you're dead-set on this being so dangerous,
>>
>> It's not the developers who are dead-set on weak-keyed RSA being
>> insecure, it's the cryptanalysts who have shown that to be the case :)
>>
>
>
> To further supplement this point, here is the paper that explain how
> RSA-768 was factorized. In 2010, the authors estimated that it would take
> around 1500 years to a single-core machine of this generation to do the
> same thing. We're 7 years after their first results, and we now have access
> to massive cloud-based behemoths for a discount. How much time would it
> resist?
>
Of course, it's always better with the link itself:
https://eprint.iacr.org/2010/006.pdf
>
> The idea of removing weak ciphers from a widely used piece of software is
> a good one - that way, you strengthen the whole ecosystem. Going the
> reverse path would simply make less informed people be the weak link of the
> Internet, putting possibly many more at risk.
>
> Best regards,
>
> -- Emmanuel Deloget
>
>
>
More information about the openssh-unix-dev
mailing list