[Systems] bender ssh key changed

Sascha Silbe sascha-ml-reply-to-2010-2 at silbe.org
Sun Sep 5 17:46:23 EDT 2010


Excerpts from Bernie Innocenti's message of Sun Sep 05 21:45:38 +0200 2010:

> > Can you post the full keys for copy&pasting into ~/.ssh/known_hosts,
> > please?
> Can't you use SSHFP? :-)
The SSHFP format is gibberish to me (it looks rather short, BTW), so I can't just copy it to known_hosts. And as long as we don't have DNSSEC working (including matching software on my side), I can't just tell SSH to trust DNS.

> Here are a few useful ones:
Thanks for benders key! I suppose none of the others has changed recently?

> There's a per-connection cost in using paranoid key lengths. When are
> the 2048 bit RSA and 1024 bit DSA projected to become breakable,
> considering the foreseeable advancements in computation?

I would have to look it up (there's been a recent thread about it on
cryptography at metzdowd.com), but TBH I never noticed any difference in
connect latency between 2kb and 4kb RSA so I wouldn't even think about
choosing 2kb myself on most hosts. I usually keep whatever the system
has generated for me, though - yes, I'm lazy. :-P

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
Url : http://lists.sugarlabs.org/private/systems/attachments/20100905/08defb30/attachment.pgp 


More information about the Systems mailing list