On Thu, 9 Mar 2000, Junichi Uekawa wrote:

> Isn't it that to decrypt 1024 key takes double the amount of
> CPU time than decrypting 1023 key, as long as there is no other
> method than brute-force method of trying every combination.
>
> IMO It is a serious security issue, when the system is half as secure
> and one is not notified. And the person is trying to use a ssh.

Where 'n' is a "reasonable" amount of time to crack a key using brute-force, doubling 'n' does not equate to doubling the security of your system. At the most, you have caused the cracker the minor annoyance of having to wait twice as long for a result.

Conversely, if '2n' is an "unreasonable" amount of time to crack a key using brute-force, halving it to 'n' does not equate to halving the security of your system.

In other words, I rely on my ssh keys being several orders of magnitude more difficult to crack than weaker crypto that is crackable in a "reasonable" amount of time by brute force. Whether the keys are 1023 bit or 1024 bit is irrelevant. Both accomplish this goal.

Ben

--
nSLUG http://www.nslug.ns.ca [EMAIL PROTECTED]
Debian http://www.debian.org [EMAIL PROTECTED]
[ pgp key fingerprint = 7F DA 09 4B BA 2C 0D E0 1B B1 31 ED C6 A9 39 4F ]
[ gpg key fingerprint = 395C F3A4 35D3 D247 1387 2D9E 5A94 F3CA 0B27 13C8 ]