Creating 32768 bit RSA keys for fun and profit
http://hermann-uwe.de/blog/creating-32768-bit-rsa-keys-for-fun-and-profit
<p>Have you ever wondered how long it would take to create a 32768 bit RSA key with <strong>ssh-keygen</strong>? Well, I did.</p>
<pre>
$ time ssh-keygen -t rsa -b 32768 -f ~/.ssh/tmp32768 -N foobar -q
real 244m31.259s
user 244m15.664s
sys 0m4.736s
</pre><p>
In other words, on my test system (AMD X2 CPU with 1.8 GHz per core) it took about <strong>4 hours</strong>. This is likely very dependent on how much entropy you can get (and how fast), so take the numbers with a grain of salt. A second key with 32767 bits (one bit less) took <strong>16 hours</strong>, for instance.</p>
<p>The resulting <strong>tmp32768</strong> (private key) file is about <strong>25 KB</strong> in size, the <strong>tmp32768.pub</strong> (public key) file about <strong>5 KB</strong>.</p>
<p>There's likely no noticeable performance hit for ssh or scp AFAICS, as all data transfers are done with a symmetric session key, not the RSA key itself. Only the initial connection "handshake" will take about 40 seconds longer...</p>
<p>And yes, <strong>32768</strong> is the maximum RSA key size you can currently create with OpenSSH; go file a bug report if that's not enough for you ;-) However, as I then noticed, this key will not actually work. When you put it in an <strong>authorized_keys</strong> file and try to log in, the handshake fails and the server side logs the following error in <strong>/var/log/auth.log</strong>:</p>
<pre>
sshd[xxxxxx]: error: RSA_public_decrypt failed: error:04067069:lib(4):func(103):reason(105)
</pre><p>
I first thought I had found an off-by-one error, but the 32767 bit key (one bit less) didn't work either. After looking through the OpenSSH and OpenSSL code as well as the RSA_private_decrypt(3SSL) manpage a bit, I saw that OpenSSH uses the RSA_PKCS1_PADDING parameter. My current theory is thus that some padding is making the key not work. I'm now creating a key with 11 bits fewer than 32768, let's see what happens. For the record, a key with 16384 bits does work just fine.</p>
<p>Anyway, I'll probably report this as a "bug" (more a theoretical than a practical problem, though), as ssh-keygen lets you generate RSA keys which will never work in practice...</p>
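<p>As an added check, not part of the original post: a key like this can be recognised before it ever goes into an <strong>authorized_keys</strong> file. The Python below (example code, not the author's) parses an ssh-rsa public key line, reports the modulus size the way <strong>ssh-keygen -l</strong> does, and compares it against the RSA modulus cap compiled into OpenSSL 0.9.8/1.0.x, OPENSSL_RSA_MAX_MODULUS_BITS (16384 bits). It also splits the legacy error code from the log line above into its library, function and reason fields; in the OpenSSL RSA error table of that era, library 4 is the RSA routines, function 103 is RSA_EAY_PUBLIC_DECRYPT and reason 105 is RSA_R_MODULUS_TOO_LARGE, the error raised for a modulus above that cap, which is consistent with the 16384 bit key working and the larger ones failing. The sample keys are constructed integers of the wanted bit length, not real RSA keys, so they exercise only the size check.</p>

```python
import base64
import struct

# Compile-time cap on the RSA modulus in OpenSSL's rsa.h (OPENSSL_RSA_MAX_MODULUS_BITS).
# Anything larger makes RSA_public_decrypt() fail with RSA_R_MODULUS_TOO_LARGE.
OPENSSL_RSA_MAX_MODULUS_BITS = 16384

# OpenSSL 0.9.8/1.0.x error table entries relevant to this post (from rsa.h).
ERR_LIB_RSA = 4
RSA_FUNC_NAMES = {103: "RSA_EAY_PUBLIC_DECRYPT"}
RSA_REASON_NAMES = {105: "RSA_R_MODULUS_TOO_LARGE"}


def decode_legacy_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL error code into (lib, func, reason): 8, 12 and 12 bits."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def describe_rsa_error(code_hex):
    """Human-readable form of an RSA-library error code such as the one in auth.log."""
    lib, func, reason = decode_legacy_openssl_error(code_hex)
    if lib != ERR_LIB_RSA:
        return "lib(%d) is not the RSA library" % lib
    return "%s: %s" % (RSA_FUNC_NAMES.get(func, "func(%d)" % func),
                       RSA_REASON_NAMES.get(reason, "reason(%d)" % reason))


def _read_string(blob, offset):
    """Read one SSH wire-format string (uint32 big-endian length followed by bytes)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    offset += 4
    return blob[offset:offset + length], offset + length


def parse_ssh_rsa_public_key(line):
    """Parse an authorized_keys / .pub line and return (e, n) as integers."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1])
    key_type, offset = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key blob is not ssh-rsa")
    e_bytes, offset = _read_string(blob, offset)
    n_bytes, offset = _read_string(blob, offset)
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")


def modulus_bits(line):
    """The bit count ssh-keygen -l reports for the key."""
    _, n = parse_ssh_rsa_public_key(line)
    return n.bit_length()


def usable_with_openssl(line):
    """True if an OpenSSL-backed sshd of that era can verify signatures made with this key."""
    return modulus_bits(line) <= OPENSSL_RSA_MAX_MODULUS_BITS


def build_ssh_rsa_line(e, n, comment="constructed"):
    """Inverse of the parser: encode (e, n) as an authorized_keys line, used for test input."""
    def mpint(x):
        # SSH mpint is two's complement, so a leading 0x00 is needed when the high bit is set.
        data = x.to_bytes((x.bit_length() + 8) // 8, "big")
        return struct.pack(">I", len(data)) + data
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    # Constructed sample moduli: odd integers of the wanted bit length, NOT real RSA keys.
    for bits in (16384, 32767, 32768):
        line = build_ssh_rsa_line(65537, (1 << (bits - 1)) | 1)
        print(bits, "bits:", "ok" if usable_with_openssl(line) else "too large for OpenSSL")
    print(describe_rsa_error("04067069"))
```

On a system with OpenSSL 0.9.8 or 1.0.x, <strong>openssl errstr 04067069</strong> prints the same decoding; OpenSSL 3.x packs its error codes differently, so its output for that literal code will not match.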
<p>Posted Mon, 04 Aug 2008 14:45:47 +0200 by Uwe Hermann. Tags: crazy hack, openssh, performance, private key, public key, rsa, scp, security, ssh, ssh-keygen, stupidity.</p>