[Cryptography] RSA equivalent key length/strength

David Kuehling dvdkhlng at posteo.de
Tue Sep 24 07:26:53 EDT 2013


>>>>> "Patrick" == Patrick Pelletier <code at funwithsoftware.org> writes:

> On 9/14/13 11:38 AM, Adam Back wrote:

>> Tin foil or not: maybe it's time for 3072 RSA/DH and 384/512 ECC?

> I'm inclined to agree with you, but you might be interested/horrified
> in the "1024 bits is enough for anyone" debate currently unfolding on
> the TLS list:

> http://www.ietf.org/mail-archive/web/tls/current/msg10009.html

I'm even more horrified that the Apache webserver uses a 1024-bit
Diffie-Hellman exchange for TLS/SSL with no way to increase the group size
other than modifying and recompiling the sources.  Now that everybody calls
for website operators to enable perfect forward secrecy, we may in fact
see an overall security downgrade.

  http://grokbase.com/t/apache/dev/1393kx4qn8/
  http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html

(Of course you can also get PFS via ECDHE, but many production webserver
installations run older openssl versions that only support DHE)

David
-- 
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7  7F1D 935E 6F08 E457 205F
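The downgrade David describes is visible on the wire: a DHE server announces its group in the ServerKeyExchange message, so a client or scanner can measure dh_p before deciding whether the "forward secret" handshake is actually stronger than plain RSA. The following is an added example, not code from the original post or from Apache/OpenSSL. It serialises and parses the TLS 1.2 ServerDHParams structure (RFC 5246, section 7.4.3: three length-prefixed big-endian integers dh_p, dh_g, dh_Ys) and rates the group against a configurable minimum. The sample messages are constructed here; the 1024-bit prime is the Oakley group 2 modulus transcribed from RFC 2409 (only its size matters for the check), the 2048-bit "prime" is a non-prime placeholder, the dh_Ys values are arbitrary in-range numbers rather than real g^x mod p, and the trailing signature bytes are dummies. The function names are this example's own.

```python
"""Parse a TLS 1.2 DHE ServerKeyExchange body and flag weak Diffie-Hellman groups.

Added example, not code from the original post.  Only the ServerDHParams
prefix (RFC 5246, section 7.4.3) is parsed; the SignatureAndHashAlgorithm
and signature that follow it are returned untouched.
"""
import struct

# 1024-bit MODP prime of Oakley group 2, transcribed from RFC 2409 section 6.2.
# Only its bit length matters for this check; it stands in for whatever
# fixed 1024-bit group an old server might ship with.
RFC2409_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)

# Constructed 2048-bit placeholder: odd, top bit set, NOT a prime.  Good
# enough to exercise the size check, never use it as a real group.
PLACEHOLDER_2048_P = (1 << 2047) | (0xC0FFEE << 1000) | 1


def _encode_uint(v: int) -> bytes:
    """TLS opaque<1..2^16-1> holding a big-endian unsigned integer."""
    raw = v.to_bytes((v.bit_length() + 7) // 8, "big") or b"\x00"
    return struct.pack("!H", len(raw)) + raw


def build_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Serialise ServerDHParams { dh_p, dh_g, dh_Ys }."""
    return _encode_uint(p) + _encode_uint(g) + _encode_uint(ys)


def parse_server_dh_params(data: bytes):
    """Return (p, g, ys, trailing_bytes); raise ValueError on malformed input."""
    values = []
    off = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(data):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        if n == 0 or off + n > len(data):
            raise ValueError(f"bad length {n} for {name}")
        values.append(int.from_bytes(data[off:off + n], "big"))
        off += n
    p, g, ys = values
    return p, g, ys, data[off:]


def assess_dh_group(p: int, g: int, ys: int, minimum_bits: int = 2048):
    """Return (bits_of_p, findings).  An empty findings list means acceptable."""
    findings = []
    bits = p.bit_length()          # true size, independent of zero padding
    if bits < minimum_bits:
        findings.append(f"dh_p is {bits} bits, below the {minimum_bits}-bit minimum")
    if p % 2 == 0:
        findings.append("dh_p is even, cannot be prime")
    if not 2 <= g <= p - 2:
        findings.append("dh_g outside [2, p-2]")
    if not 2 <= ys <= p - 2:
        findings.append("dh_Ys outside [2, p-2]")
    return bits, findings


def check_server_key_exchange(data: bytes, minimum_bits: int = 2048):
    """Parse a DHE ServerKeyExchange body and rate its group."""
    p, g, ys, _signature = parse_server_dh_params(data)
    return assess_dh_group(p, g, ys, minimum_bits)


def is_well_formed(data: bytes) -> bool:
    try:
        parse_server_dh_params(data)
        return True
    except ValueError:
        return False


# Constructed sample messages (not captured traffic).  dh_Ys is an arbitrary
# in-range value; a real server sends g^x mod p.  The two-byte signature
# algorithm and two-byte dummy signature are there only so the parser has
# something to leave untouched.
_DUMMY_SIG = b"\x04\x01" + b"\x00\x02\xab\xcd"
WEAK_SKE = build_server_dh_params(RFC2409_GROUP2_P, 2, (1 << 1000) + 0x5EED) + _DUMMY_SIG
STRONG_SKE = build_server_dh_params(PLACEHOLDER_2048_P, 2, (1 << 2000) + 0x5EED) + _DUMMY_SIG

if __name__ == "__main__":
    for label, msg in (("weak", WEAK_SKE), ("strong", STRONG_SKE)):
        bits, findings = check_server_key_exchange(msg)
        print(f"{label}: dh_p={bits} bits, findings={findings or 'none'}")
```

Run against a real handshake, the 1024-bit group that David mentions produces a finding at the default 2048-bit minimum, while the same message passes when the policy is lowered to 1024, which is exactly the "1024 bits is enough" disagreement from the TLS list expressed as a parameter. The range checks on dh_g and dh_Ys are the cheap sanity checks a client should do anyway before computing the shared secret.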