[Cryptography] Google's Public Key Size (was Re: NSA and cryptanalysis)

Andy Steingruebl steingra at gmail.com
Wed Sep 4 17:15:07 EDT 2013


On Mon, Sep 2, 2013 at 3:04 PM, Jeffrey I. Schiller <jis at mit.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
> > Google recently switched to 2048 bit keys; hardly any other sites
> > have done so, and some older software even has trouble talking to
> > Google as a result.
>
> Btw. As a random side-note. Google switched to 2048 bit RSA keys on
> their search engine. However my connection to mail.google.com is using
> a NIST p256r1 ECC key in its certificate.
>

As of Jan-2014 CAs are forbidden from issuing/signing anything less than
2048 certs.  Lots of people are acting now to get ahead of that.
EV's have been required to be 2048 for quite some time.

- Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130904/f7454a93/attachment.html>


More information about the cryptography mailing list