Re: FW: 1024-bit RSA keys in danger of compromise

[Theo de Raadt <deraadt@cvs.openbsd.org>]

> On Mon, Mar 25, 2002 at 05:23:34PM -0700, Theo de Raadt wrote:
> 
> > > To be  prudent, there  should be  a general  migration towards
> > > longer  keys, in  the neighborhood  of 2kbits  to 4kbits. This
> > > really  only  needs be  done  when  a  new key  is  generated,
> > > anyway--and nobody should panic if that isn't for some time.
> >
> > This is not feasable.
> >
> > It takes anything less than a  Pentium 200, and quickly moves it
> > towards the garbage heap.
> 
> Is this for key generation only,  or for all operations that use a
> large key? Not that it's a huge  deal, but if only the former then
> the lifespan could be extended by generating the keys elsewhere.

Try using ssh2 to a sparc 20.  The DH kills it, but the same basic
rule applies to larger RSA or DSA keys.

> > Honestly, I think our society and planet is at greater risk from
> > the amount  of computers  going to the  garbage dump,  than this
> > little possible issue....
> 
> Amen. I can't bear to toss out the perfectly functional 486 I have
> in the closet,  even though it hasn't been powered  on in a couple
> years. To think of what we're doing  to the landfills that used to
> be landscapes, and the masses who  would die to get their hands on
> what goes in them...

Computers all build using really really nasty chemicals.

> By all  means, if large  keys makes old hardware  unusuable, let's
> stick with smaller ones.