2048 bits, damn the electrons! [rt at openssl.org: [openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits]
Kevin W. Wall
kevin.w.wall at gmail.com
Thu Sep 30 03:17:14 EDT 2010
Thor Lancelot Simon wrote:
> See below, which includes a handy pointer to the Microsoft and Mozilla
> policy statements "requiring" CAs to cease signing anything shorter than
> 2048 bits.
<...snip...>
> These certificates (the end-site ones) have lifetimes of about 3 years
> maximum. Who here thinks 1280 bit keys will be factored by 2014? *Sigh*.
No one that I know of (unless the NSA folks are hiding their quantum computers
from us :). But you can blame this one on NIST, not Microsoft or Mozilla.
They are pushing the CAs to make this happen and I think 2014 is one of
the important cutoff dates, such as the date that the CAs have to stop
issuing certs with 1024-bit keys.
I can dig up the NIST URL once I get back to work, assuming anyone actually
cares.
-kevin
--
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list