Hi Jacky,

We found the following sources:

http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf
See Table 6 in the section "6 Key Agreement and Key Transport Using RSA".

http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
See Table 4 in the section "5.6.2 Defining Appropriate Algorithm Suites".

Of course, these documents were written about the system for "government". However, it can be referred and applied to social networking services and so on, I guess...

Thanks,
-Yoichiro

On Wed, Mar 17, 2010 at 6:02 PM, Jacky Wang (王超) <[email protected]> wrote:
> Hi Yoichiro,
>
> As mentioned in your mail that "... this length is short and dangerous. I
> think that we should use 2048 bit." Could you share with us the source as
> well?
>
> Thanks,
> Jacky
>
> On Wed, Mar 17, 2010 at 4:56 PM, Yoichiro Tanaka <[email protected]> wrote:
>
>> Hi there,
>>
>> I'm in charge of mixi platform supported OpenSocial in Japan. Our
>> platform has already been elapsed one year. Therefore, a signed
>> request has been supporting at this platform, and the key for signing
>> will be expired next month.
>>
>> When I generated the key, the modulus length of the key was 1024 bit.
>> But, I heard recently that this length is short and dangerous. I think
>> that we should use 2048 bit. However, if we use this length and sign
>> each request, I'm afraid that some libraries for OAuth can't use the
>> key and can't validate the request...
>>
>> The bit length doesn't depend on the process of OAuth libs, right?
>> And, if you are in any containers, how long is the key length you
>> are using?
>>
>> Thanks,
>> -Yoichiro (mixi, Inc.)
>>
>
> --
> Best Regards,
>
> Jacky Wang
> (Office) +86-10-6250-3316
> (Mobile) +86-1381-0018-677
> Kejian Building, Tsinghua Science Park Building 6
> No.1 Zhongguancun East Road, Haidian District
> Beijing P.R.China 100084
>

--
Yoichiro Tanaka
Email: [email protected]
Blog: http://www.eisbahn.jp/yoichiro
