2048 bits, damn the electrons! [rt at openssl.org: [openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits]

Paul Wouters paul at xelerance.com
Thu Sep 30 13:36:47 EDT 2010


On Thu, 30 Sep 2010, Thor Lancelot Simon wrote:

>> That would only happen if we (as security experts) allowed web developers to
>> believe that the speed of RSA is the limiting factor for web application
>> performance.
>
> At 1024 bits, it is not.  But you are looking at a factor of *9* increase
> in computational cost when you go immediately to 2048 bits.  At that point,
> the bottleneck for many applications shifts, particularly those which are
> served by offload engines specifically to move the bottleneck so it's not
> RSA in the first place.

I'm sure it's nothing compared to the 3 layers of URL shortener redirects and
their latency :P

> Also, consider devices such as deep-inspection firewalls or application
> traffic managers which must by their nature offload SSL processing in
> order to inspect and possibly modify data

You mean it will be harder for MITM attacks on SSL. Isn't that a good thing? :P

> This too will hinder the deployment of "SSL everywhere", and handwaving
> about how for some particular application, the bottleneck won't be at
> the front-end server even if it is an order of magnitude slower for it
> to do the RSA operation itself will not make that problem go away.

The SSL everywhere problem has been a political one, not a technical one.
I am sure the "free market" can deal with putting SSL everywhere, if that
expectation has come from every internet user - instead of that internet
user clicking away many warnings about self-signed certs, redirects and
SSL man-in-the-middle "protection".

Paul
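
A quick way to check the "factor of ~9" claim quoted above. This is an added
example, not code from this thread or from OpenSSL: it times CPython's
pow() on constructed random odd moduli of 1024 and 2048 bits (the cost of a
modular exponentiation depends on the sizes of the modulus and exponent, not
on the modulus being a real RSA key), for the full-exponent private operation
the server does, the e=65537 public operation the client does, and a CRT-style
private operation (two half-size exponentiations, which is what OpenSSL
actually performs). Ratios drift with machine load, but the private op lands
around 8x and the public op stays far cheaper at both sizes.

```python
"""Measure how RSA-style modexp cost grows from 1024- to 2048-bit moduli.

Added example, not from the thread. Moduli and exponents are constructed
random values of the right size, not real keys.
"""
import random
import timeit

# Fixed seed so the constructed "keys" are reproducible between runs.
_rng = random.Random(20100930)


def make_odd(bits):
    """Random odd integer with the top bit set, so it is exactly `bits` long."""
    return _rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def _per_call(fn, number, repeat=3):
    """Best-of-`repeat` wall time per call, in seconds."""
    return min(timeit.repeat(fn, number=number, repeat=repeat)) / number


def private_op_seconds(bits):
    """Server-side private op without CRT: full-size exponent, full-size modulus."""
    n = make_odd(bits)
    d = make_odd(bits)            # private exponent is about as long as n
    m = _rng.getrandbits(bits - 1)
    return _per_call(lambda: pow(m, d, n), number=5)


def crt_private_op_seconds(bits):
    """Private op the CRT way: two exponentiations at half the size (as OpenSSL does)."""
    half = bits // 2
    p, q = make_odd(half), make_odd(half)   # stand-ins for the two primes
    dp, dq = make_odd(half), make_odd(half) # d mod (p-1), d mod (q-1) stand-ins
    m = _rng.getrandbits(bits - 1)
    return _per_call(lambda: (pow(m, dp, p), pow(m, dq, q)), number=5)


def public_op_seconds(bits):
    """Client-side verify/encrypt op: e = 65537 (17 bits), full-size modulus."""
    n = make_odd(bits)
    m = _rng.getrandbits(bits - 1)
    return _per_call(lambda: pow(m, 65537, n), number=200)


def cost_ratio(op, small=1024, large=2048):
    """How many times slower `op` gets when the modulus doubles in size."""
    return op(large) / op(small)


if __name__ == "__main__":
    for name, op in (("private (no CRT)", private_op_seconds),
                     ("private (CRT)", crt_private_op_seconds),
                     ("public e=65537", public_op_seconds)):
        t1, t2 = op(1024), op(2048)
        print(f"{name:18s} 1024: {t1*1e6:8.1f} us  2048: {t2*1e6:8.1f} us  "
              f"ratio {t2/t1:4.1f}x")
```

Schoolbook multiplication makes each modular multiply ~4x more expensive when
the operand size doubles, and a full-size exponent needs ~2x as many of them,
which is where the ~8x comes from; the public op does only 17 multiplies, so
the client barely notices the change, and it is the server's private op that
the offload-engine argument is about.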

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
