OpenSSL, Apache 2 and RSA key sizes

Wed, 23 Aug 2006 10:06:27 -0700

I only know some basics about SSL, symmetric keys and asymmetric keys, and I'd greatly appreciate anyone who can shed some light on this question!
My understanding (and feel free to correct anything below here!) is that SSL transactions between a web browser and a web server involve first a handshake, then the actual data transmission. The handshake is handled by a public/private key pair, then switches over to the symmetric key (256-bit AES, 162-bit 3DES, or whatever) for the bulk of the data transmission. 


Now, it seems from what I've read that 128-bit symmetric keys are still 
considered secure given the current state of computing power, and may stay 
that way for a long time.  But for asymmetric keys, 1024 bits is considered 
by at least some to be getting into the realms of being feasibly crackable.  
Longer keys (2048 bit, 3072 bit) are recommended for data that needs to be 
protected for years to come.



Now here's where my understanding gets murkier.  I can understand what 
Firefox tells me when I double-click the "lock" icon on an SSL website and 
see that it's offering "High Grade Encryption (RC4 128 bit)" or "(AES 256 
bit)".  But what about the public/private key pair that's used to do the 
handshaking?  Sites like Verisign still recommend that OpenSSL users use a 
command similar to this:



openssl genrsa -des3 -rand file1:file2:...:file5 -out 
www.virtualhost.com.key 1024



and old documentation for Apache's mod_ssl seem to indicate that 2048-bit 
keys aren't (or at least weren't) even supported. 
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC34)



In fact, when I use MSIE to go to big-name sites (Chase Bank, Citi Bank,  
RBC Centura), double-click the lock icon, look at the "Details" tab, I 
invariably see "Public key: RSA (1024 bits).


So, my questions are:


1) Why isn't everyone using stronger public/private key pairs?  Nobody who 
seems to offer SSL certs (Verisign, Thawte, GoDaddy, Comodo) tells their 
customers to generate 2048-bit keys with OpenSSL.   Obviously they're not 
worried - why not?



2) Related to that, should I be worried that I'm generating a public/private 
keypair for my Apache2/mod_ssl server that's only 1024-bits?  Do I even have 
the OPTION of having a larger/stronger key, or am I going to hit some weird 
compatibility problems with modern-day browsers?


Thanks to anyone who can help set me straight!


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to