SSH Agent keys >4096 bit?

Peter Lebbing peter at digitalbrains.com
Fri May 4 21:41:25 CEST 2012


On 04/05/12 20:54, Ali Lown wrote:
> Might I point out that discussion is with respect to an 8k RSA SSH key
> for SSH authentication, not for email. A 2 second delay during the
> initialization of an SSH connection is not a problem.

And here is precisely something interesting: 8k RSA is discussed as a method
to keep messages confidential for decades. I haven't looked into it, but I'm
under the impression RSA is used purely for authentication in SSH, not for
key exchange[1]. What are you protecting decades against here? A server
reusing a random challenge? That seems quite far-fetched.

Oh, by the way, only the computational load for the client was discussed.
There's also the server (although the public side of the computation is
quicker than the private side). The server gets logins from potentially a
lot of clients.

Peter.

[1] I get this impression because there is a configuration option for
OpenSSH sshd that selects which key exchange methods to use, and they all
have DH (Diffie-Hellman) in their name.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
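
The distinction drawn in this message, as an added illustration (not part of the original post, and not OpenSSH code): a simplified model in which the session secret comes from an ephemeral Diffie-Hellman exchange and the RSA key only signs a hash bound to that exchange. The toy primes, the function names and the layout of the recorded values are assumptions made for the example.

```python
# Added illustration with toy parameters; not the SSH wire protocol.
import hashlib
import secrets

# Constructed values: small Mersenne primes, far too weak for real use.
DH_P, DH_G = 2**127 - 1, 3
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # long-term private key


def exchange_hash(client_pub, server_pub, shared):
    """Hash both public DH values and the shared secret into Z_n."""
    data = f"{client_pub}|{server_pub}|{shared}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N


def run_session():
    """One login: ephemeral DH makes the secret, RSA only signs."""
    x = secrets.randbelow(DH_P - 3) + 2  # client ephemeral secret
    y = secrets.randbelow(DH_P - 3) + 2  # server ephemeral secret
    client_pub, server_pub = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    shared = pow(server_pub, x, DH_P)    # equals pow(client_pub, y, DH_P)
    digest = exchange_hash(client_pub, server_pub, shared)
    signature = pow(digest, RSA_D, RSA_N)  # private-key operation
    # Only public values and the signature are observable on the wire.
    wire = {"client_pub": client_pub, "server_pub": server_pub,
            "signature": signature}
    return wire, shared


def verify(wire, shared):
    """Public-key operation: does the signature match this exchange?"""
    digest = exchange_hash(wire["client_pub"], wire["server_pub"], shared)
    return pow(wire["signature"], RSA_E, RSA_N) == digest


def tampered(wire):
    """Copy of the recorded values with a substituted DH public value."""
    return dict(wire, server_pub=(wire["server_pub"] + 1) % DH_P)


if __name__ == "__main__":
    wire1, key1 = run_session()
    wire2, key2 = run_session()
    print("signature verifies:", verify(wire1, key1))
    print("substituted DH value rejected:", not verify(tampered(wire1), key1))
    print("same RSA key, fresh secret per session:", key1 != key2)
```

In this model nothing in the recorded values is encrypted under the RSA key, so the RSA key size bears on who can pass the signature check at login time rather than on the secrecy of a recorded session.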
