On Thursday, 25 April 2002 14.58, Geoffrey Lee wrote:
> On Thu, Apr 25, 2002 at 02:40:21PM +0200, Thierry Vignaud wrote:
> > Oden Eriksson <[EMAIL PROTECTED]> writes:
> > > Could we please apply this to the openssh-server package?
> >
> > florin, do you agree to increase defaults number of bits in protocol
> > v1 from 768 to 2048 ?
>
> I would be interested in benchmarks on a large keylength for a large number
> of users ...

Increasing the ssh handshake would be devastating for the server performance and cause for a possible DoS attack.

The whole idea is that it's pointless to have two 1024 bits RSA keys hanging around in /etc/ssh/.

The SSH (legacy) protocol v1 uses the "ssh_host_key" which is max 1024 bits. The ssh protocol v2 uses either the "ssh_host_rsa_key" or "ssh_host_dsa_key".

Generating the DSA key defaults to 2048 bits.
Generating the RSA2 key defaults to 1024 bits.

I believe I have pointed this out several months (maybe a year?) ago but there was no response.

--
Regards // Oden Eriksson
