[Cryptography] forward-secrecy >=2048-bit in legacy browser/servers? (Re: RSA equivalent key length/strength)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Sep 25 19:40:33 EDT 2013
Adam Back <adam at cypherspace.org> writes:
>Is there a possibility with RSA-RSA ciphersuite to have a certified RSA
>signing key, but that key is used to sign an RS key negotiation?
Yes, but not in the way you want. This is what the 1990s-vintage RSA export
ciphersuites did, but they were designed so you couldn't use them to provide
strong security.
>I imagine that ciphersuite is widely disabled at this point.
That'd be the other problem :-).
Peter.
More information about the cryptography
mailing list