Re: On 2K keys and SHA-256

2014-09-09 Thread Benny Baumann
Hi Rich, On 08.09.2014 23:59, Salz, Rich wrote: We are considering changing the default keysize (RSA, DSA, DH) from 1K to 2K, and changing the default signing digest from SHA-1 to SHA-256. May I suggest 4096 bit with SHA-256. That way you have a security level of ≥ 128 bit for both

RE: On 2K keys and SHA-256

2014-09-09 Thread Salz, Rich
May I suggest 4096 bit with SHA-256. I think the next step after 2K-RSA is ECC, and that 4K RSA isn't going to see much deployment because of the computational cost. At least, that's how we see things at my employer. And Chrome+Firefox still happily use MD5 to sign SPKAC after offering you

Re: On 2K keys and SHA-256

2014-09-09 Thread Jeroen de Neef
I think that 3K-RSA is the next step after 2K-RSA, and I am sure that the computational costs of a 4K-RSA certificate are much of an obstruction with current hardware and I think that it isn't a problem at all a couple of years in the future. 2014-09-09 14:18 GMT+02:00 Salz, Rich rs...@akamai.com:

Re: On 2K keys and SHA-256

2014-09-09 Thread Viktor Dukhovni
On Tue, Sep 09, 2014 at 05:54:15PM +0200, Jeroen de Neef wrote: I think that 3K-RSA is the next step after 2K-RSA, and I am sure that the computational costs of a 4K-RSA certificate are much of an obstruction with current hardware and I think that it isn't a problem at all a couple of years in

Re: On 2K keys and SHA-256

2014-09-09 Thread Jeroen de Neef
No, I do not have numbers to back it up, that is why my guess is that 3K-RSA is the next step after 2K-RSA. It also depends on what data you are planning to transport, and in what kind of organisation you are. 2014-09-09 18:21 GMT+02:00 Viktor Dukhovni openssl-us...@dukhovni.org: On Tue, Sep

Re: On 2K keys and SHA-256

2014-09-09 Thread Jakob Bohm
On 09/09/2014 14:18, Salz, Rich wrote: May I suggest 4096 bit with SHA-256. I think the next step after 2K-RSA is ECC, and that 4K RSA isn't going to see much deployment because of the computational cost. At least, that's how we see things at my employer. There was (some years ago) a heated

Re: On 2K keys and SHA-256

2014-09-09 Thread Benny Baumann
Hi Rich, On 09.09.2014 14:18, Salz, Rich wrote: May I suggest 4096 bit with SHA-256. I think the next step after 2K-RSA is ECC, and that 4K RSA isn't going to see much deployment because of the computational cost. At least, that's how we see things at my employer. And Chrome+Firefox

On 2K keys and SHA-256

2014-09-08 Thread Salz, Rich
We are considering changing the default keysize (RSA, DSA, DH) from 1K to 2K, and changing the default signing digest from SHA-1 to SHA-256. We've already committed this to HEAD/master. We would like to make this change in the upcoming 1.0.2 release as well. Several downstream distributions,

Re: On 2K keys and SHA-256

2014-09-08 Thread Richard Moore
No objection at all. Perhaps it might be worth checking that the other defaults are sane too at the same time though. e.g. x509 versions etc. Rich. On 8 September 2014 22:59, Salz, Rich rs...@akamai.com wrote: We are considering changing the default keysize (RSA, DSA, DH) from 1K to 2K, and

RE: On 2K keys and SHA-256

2014-09-08 Thread Salz, Rich
No complaints from me for 1K or 2K, but... Oh, sorry, this would be 1.0.2 and HEAD only. Not 1.0.1 or earlier. -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz