Debian encouraging use of 4096 bit RSA keys
Ben Laurie
ben at links.org
Tue Sep 14 10:06:48 EDT 2010
On 14/09/2010 13:15, Perry E. Metzger wrote:
> The decision that 1024 bit keys are inadequate for code signing is
> likely reasonable. The idea that 2048 bits and not something between
> 1024 bits and 2048 bits is a reasonable minimum is perhaps arguable.
> One wonders what security model indicated 4096 bits is the ideal
> length....
Given their constraints, what they say (i.e. "to be on the safe side")
seems entirely reasonable. Code signing and verification do not occur
with great frequency, so a big key is not a big problem.
In general, we should resist the temptation to pare security protocols
down to the bare minimum - it is this tendency that gave us, for
example, the TLS renegotiation attack. A little bit of belt and braces
and that would have been a non-issue.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list