[Cryptography] RSA equivalent key length/strength

David Kuehling dvdkhlng at posteo.de
Tue Sep 24 07:26:53 EDT 2013

>>>>> "Patrick" == Patrick Pelletier <code at funwithsoftware.org> writes:

> On 9/14/13 11:38 AM, Adam Back wrote:

>> Tin foil or not: maybe it's time for 3072 RSA/DH and 384/512 ECC?

> I'm inclined to agree with you, but you might be interested/horrified
> in the "1024 bits is enough for anyone" debate currently unfolding on
> the TLS list:

> http://www.ietf.org/mail-archive/web/tls/current/msg10009.html

I'm even more horrified that the Apache webserver uses 1024-bit Diffie
Hellman exchange for TLS/SSL with no way to increase group size other
than modifying and recompiling the sources.  Now that everybody calls
for website operators to enable perfect forward secrecy, we may in fact
see an overall security downgrade.


(Of course you can also get PFS via ECDHE, but many production webserver
installations run older OpenSSL versions that only support DHE.)

GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7  7F1D 935E 6F08 E457 205F