[Beowulf] Re: "hobbyists"

[Perry E. Metzger]

Again, this is not a cryptography list, but I'll correct a few small
things...

"Robert G. Brown" <rgb at phy.duke.edu> writes:
> I haven't looked at the literature recently, but to the best of my
> knowledge e.g the integer factorization problem cannot be solved in
> polynomial time for any known algorithm,

Correct.

> and factoring a single 663 bit integer in a test that took
> ballpark of a GFLOP-century of effort for the record as of 2005.

I don't remember the record, but at this point it is considered
(theoretically) feasible to attack 1024 bit RSA keys using GNFS and
similar methods -- Dan Bernstein has published on this, you can
doubtless find the paper on his site. Serious users are using 2048 bit
RSA keys at this point.

There aren't nearly such good methods for attacking elliptic curve
based systems, and many people have migrated to those for performance
reasons -- you can use shorter keys with (it is believed) equal
security.

> ssh is quite secure, but not if you have both of my public/private
> keys.

That depends on what you mean by "secure". There are two forms of
security provided by SSH. One is protection from people trying to
break in to your account, the other is protection from people reading
your traffic over the network.

I can log in using your credentials if I have your private key and you
are using SSH with public key authentication. However, even if I have
both of your private and public keys, the ephemeral key used for a
particular session is agreed to using Diffie-Hellman key exchange, and
mere knowledge of your long term keys will not allow anyone to read
your session traffic. This property is known as "Perfect Forward
Secrecy." (Technically, this is only true of sshv2 -- sshv1 used
random nonces exchanged under RSA for the key material, but sshv1
is no longer in wide use because it has a number of security issues.)


-- 
Perry E. Metzger		perry at piermont.com