Simon Weijgers <[EMAIL PROTECTED]> writes:
> > However, if you're talking to an export browser then you'll
> > end up with 512 bits of security but it will be as slow
> > as 768 bits because of ephemeral RSA mode. [0]
> >
> > -Ekr
> >
> > [0] Yes, I know that 512 bit ephemeral RSA isn't exactly
> > the same security wise as 512 bit static, but they're
> > close to a first order.
> Actually with mod_ssl ephemeral is really not so ephemeral.
> It's generated only once at startup. So ephemeral is as long
> as the uptime of apache which usually is quite long.
Yes, I know. So, the security isn't any better
but there is still a performance penalty because you
have to perform both the 1024 bit signature and
the 512 bit decryption.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
