Thor Lancelot Simon writes:

> a significant net loss of security, since the huge increase in computation
> required will delay or prevent the deployment of "SSL everywhere".

That would only happen if we (as security experts) allowed web developers to
believe that the speed of RSA is the limiting factor for web application

That would only happen if we did not understand how web applications work.

Thankfully, we do understand how web applications work, and we therefore
advise our colleagues and clients in a way that takes the whole problem
space of web application security/performance/availability into account.

Sure, 2048 is overkill. But our most pressing problems are much bigger and
very different. The biggest security problem, usability, rarely involves any
math beyond rudimentary statistics...


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to