From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 14DDC1381F3 for ; Tue, 10 Sep 2013 05:33:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DD4A6E0BC6; Tue, 10 Sep 2013 05:33:35 +0000 (UTC) Received: from mail-we0-f177.google.com (mail-we0-f177.google.com [74.125.82.177]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BAED9E0BAE for ; Tue, 10 Sep 2013 05:33:34 +0000 (UTC) Received: by mail-we0-f177.google.com with SMTP id t60so5058442wes.36 for ; Mon, 09 Sep 2013 22:33:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=Sor5vL1/VhOaDvs7dUvg3GrRowY1KuMYf+PVrdgoDt8=; b=pvQfO+pCqGcFPA/aNwGajVmgf8r979B+efVaNa3HWD99BWiDoCbvJFVH4sekGxERNe t92mKFNbZ9sHBVPMR1LL7EHv4n/y7yYSfJCmPS1YVEOi+Y7f/R7jYBNqyyHPdyGONNXM IfDLzkS8HarY0fBmWSVEdXL/BePBJSCFpxx7EyDdDjKB2Rc99ZifMY52viYQ3DyHlAZW J+EE9tCtUgU8+eWpzjKu4bOqRC7vofjIgG7s2yrbfoSkG154dA+qZfCBjsILpyL7KoU9 8elC94YjZXAj6eSA3IPcMEyb79m7IzpnRgSYY6+sWpnWj+I86633uZDve0TpzgGJC29c Zn3w== X-Received: by 10.194.93.105 with SMTP id ct9mr15863049wjb.6.1378791213420; Mon, 09 Sep 2013 22:33:33 -0700 (PDT) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPSA id dq11sm815255wid.3.1969.12.31.16.00.00 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 09 Sep 2013 22:33:32 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Internet security. Date: Tue, 10 Sep 2013 06:33:17 +0100 User-Agent: KMail/1.13.7 (Linux/3.10.7-gentoo; KDE/4.10.5; x86_64; ; ) References: <522D257C.5060902@gmail.com> <201309091907.08701.michaelkintzios@gmail.com> <522E2088.20902@orlitzky.com> In-Reply-To: <522E2088.20902@orlitzky.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5187965.kay2Zq6c2K"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201309100633.28843.michaelkintzios@gmail.com> X-Archives-Salt: d18ba9d0-cb8e-49c5-b216-80b83127d54e X-Archives-Hash: a6993ad43d498b449c0987bde12a6615 --nextPart5187965.kay2Zq6c2K Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Monday 09 Sep 2013 20:24:56 Michael Orlitzky wrote: > On 09/09/2013 02:07 PM, Mick wrote: > > On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: > >> On 09/09/2013 01:28 AM, Mick wrote: > >>> Are you saying that 2048 RSA keys are no good anymore? > >>=20 > >> They're probably fine, but when you're making them yourself, the > >> extra bits are free. I would assume that the NSA can crack > >> 1024-bit RSA[1], so why not jump to 4096 so you don't have to do > >> this again in a few years? > >=20 > > Right, but my router won't work with keys larger than 2048 and its > > admin GUI is controlled with 1024-bit public certificate. >=20 > How often do you need to admin the router? Just do it from home (i.e. > on the LAN side). Yes, that's how I do it, or I VPN into the LAN from the outside if there is= =20 some emergency. However, the VPN SSL keys can't be any larger that 2048-bi= t. =2D-=20 Regards, Mick --nextPart5187965.kay2Zq6c2K Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQEcBAABAgAGBQJSLq8oAAoJELAdA+zwE4YehdEH/0TfhCrCG3mQldBv0NL3XaFo 2tyzzY8kA1Wb8A1t1+gjqk3tRX53FCtfmkB7I42++fG5APf/K1PUutX88DuI099S jdFM7aehDIq1q31ijhN+/rBkqPUZwAIIgvb4FSMduLkCMFz/3bv7xZNb4TMvS5vw 5AJQNXY6N4y2NpNNNXVeBY8w6ZsUf7UAQMxzJekDYqU9vez5KpdnISkaw+nEjVVx a9JC5x0l1IqP0lMvWo3+kZOzDSmdFOOgj0x/vvpKXixefduEclkbDO6yklI3XjCf x4ghPgKOHpftyx9t/72y8nBg7izfDTOxSVGP0iP+hTXpXj3/jR4JQrPBfhxYzrY= =y5Mc -----END PGP SIGNATURE----- --nextPart5187965.kay2Zq6c2K--