[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: 1024-bit RSA keys in danger of compromise

To: <misc@openbsd.org>
Subject: Re: FW: 1024-bit RSA keys in danger of compromise
From: "Chris Hedemark" <chris@yonderway.com>
Date: Tue, 26 Mar 2002 08:25:46 -0500
References: <001101c1d44d$d3a21670$6a00020a@heppu> <200203252308.g2PN8jKp004522@cvs.openbsd.org> <20020325165718.B10297@trumpetpower.com>

Ben Goren said:
> To be prudent, there should  be a general migration towards longer
> keys, in  the neighborhood of  2kbits to 4kbits. This  really only
> needs  be done  when a  new key  is generated,  anyway--and nobody
> should panic if that isn't for some time.

As a guy with a lot of Pentium 133's, Apple LC's, HP 9000 model 712's, and
other old obsolete machines I have to disagree with you there Ben.

These computers were perfectly good in their day.  A Pentium 133 was my
primary machine until a little over a year ago (even though I had faster
boxes at my disposal).  While these machines are fine for most purposes,
they really start to bog down when running any kind of cryptography apps
that use large keys.

I'd suggest that 1K keys are fine for mortal man, and that cracking anything
of this size would require considerable expense.  With key lengths of 1K in
size, other means of espionage become much more attractive such as keyboard
sniffers or the curious van parked in front of your house reading the EM
from your monitor and reconstructing the image.  If you're using 1K keys and
someone really wants to get at your information, these sorts of tactics are
far more likely to be used.

It's kind of nice being satisfied with machines of this vintage.  For
example, procuring a whole tractor trailer load of PC's that a public school
auctioned to me for about $50 total.  According to the school they were
obsolete.  I've found them to make excellent X terminals, firewalls, and
even CLI hosts for running old school apps like pine & vi.    $4 per host
upgrades the memory from 16MB to 32MB and roughly doubles the usefulness of
the machine in the process.

If you look at the power of a new computer for about $400 vs. the
affordability of and old computer for $4 and change, it seems there is a
point of diminishing returns in buying new hardware for general use
purposes.  Certainly if you are doing a lot of development, MP3 crunching,
radiology work, etc. this won't apply but if you're just reading email,
surfing the web, using a word processor, etc. the old machines are still
quite attractive.  Please don't pursue a path that would make these machines
truly obsolete in the name of a false sense of security.

Follow-Ups:
- Now OT: Random musings - was 1024-bit RSA keys in danger of compromise
  - From: Mike Shaw <mshaw@wwisp.com>

References:
- FW: 1024-bit RSA keys in danger of compromise
  - From: "Jyri Hovila" <jyri.hovila@iki.fi>
- Re: FW: 1024-bit RSA keys in danger of compromise
  - From: Theo de Raadt <deraadt@cvs.openbsd.org>
- Re: FW: 1024-bit RSA keys in danger of compromise
  - From: Ben Goren <ben@trumpetpower.com>

Prev by Date: Re: stop in swap...
Next by Date: Re: stop in swap...
Prev by thread: Re: FW: 1024-bit RSA keys in danger of compromise
Next by thread: Now OT: Random musings - was 1024-bit RSA keys in danger of compromise
Index(es):
- Date
- Thread