On 02/10/2022 at 11:51, Matus UHLAR - fantomas wrote:
On 10/1/22 16:16, Viktor Dukhovni wrote:
4096-bit RSA certificates mostly work, but are pointless crypto
exhibitionism, waste CPU, can run into client implementation
limitations, and so are not a good idea.
On 01.10.22 17:20, Shawn Heisey wrote:
My cert from letsencrypt is 4096 bit.
yes, Let's Encrypt clients generate 4096 keys by default, which is
silly because intermediate R3 certificate is only 2048-bit.
Silly, yes for the common usage and totally pointless.
But keep in mind that key generation/primality tests are not a definitive
primality answer.
A very extensively tested 2048 key is more secure than a very basically
and lightly tested 4096 key.
Key generation/test is something that is often badly neglected...
Emmanuel.