Hi Paul,

I see. We are not sure that the latency for our server with 2048 will be reasonable. At least, our key will be out of date, and I think that we should choose 1024 this time.

Thank you for your advice.

-Yoichiro

On Thu, Mar 18, 2010 at 4:31 AM, Paul Lindner <[email protected]> wrote:

> If you renew keys yearly 1024 is probably fine. Next year you might go for
> 2048 depending on the state of prime number factoring available.
>
> The section "Integer factorization and RSA problem" covers this topic:
> http://en.wikipedia.org/wiki/RSA
>
> On Wed, Mar 17, 2010 at 3:32 AM, Yoichiro Tanaka <[email protected]> wrote:
>
>> Hi Jacky,
>>
>> We found the following sources:
>>
>> http://csrc.nist.gov/publications/drafts/800-131/draft-800-131_transition-paper.pdf
>> See Table 6 in the section "6 Key Agreement and Key Transport Using RSA".
>>
>> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
>> See Table 4 in the section "5.6.2 Defining Appropriate Algorithm Suites".
>>
>> Of course, these documents were written about systems for
>> "government". However, they can be referred to and applied to social
>> networking services and so on, I guess...
>>
>> Thanks,
>> -Yoichiro
>>
>> On Wed, Mar 17, 2010 at 6:02 PM, Jacky Wang (王超) <[email protected]> wrote:
>> > Hi Yoichiro,
>> >
>> > As mentioned in your mail that "... this length is short and dangerous. I
>> > think that we should use 2048 bit." Could you share with us the source as
>> > well?
>> >
>> > Thanks,
>> > Jacky
>> >
>> > On Wed, Mar 17, 2010 at 4:56 PM, Yoichiro Tanaka <[email protected]> wrote:
>> >
>> >> Hi there,
>> >>
>> >> I'm in charge of the mixi platform, which supports OpenSocial, in Japan.
>> >> Our platform has already been running for one year. Signed requests
>> >> have been supported on this platform, and the key for signing
>> >> will expire next month.
>> >>
>> >> When I generated the key, the modulus length of the key was 1024 bit.
>> >> But, I heard recently that this length is short and dangerous. I think
>> >> that we should use 2048 bit. However, if we use this length and sign
>> >> each request, I'm afraid that some libraries for OAuth can't use the
>> >> key and can't validate the request...
>> >>
>> >> The bit length doesn't depend on the process of OAuth libs, right?
>> >> And, if you are in any containers, how long is the key you
>> >> are using?
>> >>
>> >> Thanks,
>> >> -Yoichiro (mixi, Inc.)
>> >
>> > --
>> > Best Regards,
>> >
>> > Jacky Wang
>> > (Office) +86-10-6250-3316
>> > (Mobile) +86-1381-0018-677
>> > Kejian Building, Tsinghua Science Park Building 6
>> > No.1 Zhongguancun East Road, Haidian District
>> > Beijing P.R.China 100084
>>
>> --
>> Yoichiro Tanaka
>> Email: [email protected]
>> Blog: http://www.eisbahn.jp/yoichiro

--
Yoichiro Tanaka
Email: [email protected]
Blog: http://www.eisbahn.jp/yoichiro
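
Added example, not part of the thread and not code from any OAuth library: a stdlib-only Python implementation of RSASSA-PKCS1-v1_5 with SHA-1, the primitive behind OAuth 1.0's RSA-SHA1 signature method. It shows a sign/verify routine that takes its block length from the key's modulus, so a 1024-bit and a 2048-bit key differ only in signature length (128 vs 256 bytes). The function names and the textbook key generation are assumptions made for illustration.

```python
# Added illustration (stdlib only, not production crypto): RSASSA-PKCS1-v1_5 with SHA-1.
import hashlib, secrets

SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DER DigestInfo header
SMALL_PRIMES = [p for p in range(3, 2000, 2) if all(p % q for q in range(3, int(p**0.5) + 1, 2))]

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test for odd n, after trial division by small primes."""
    if any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    r = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits, e=65537):
    """Return (n, e, d) with an n of exactly `bits` bits."""
    def prime():
        while True:
            c = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1  # top two bits set, odd
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        if p != q and (p - 1) * (q - 1) % e:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def emsa_encode(msg, k):
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_encode(msg, k), "big"), d, n).to_bytes(k, "big")

def verify(msg, sig, n, e):
    k = (n.bit_length() + 7) // 8  # expected length comes from the key, not a constant
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return secrets.compare_digest(pow(s, e, n).to_bytes(k, "big"), emsa_encode(msg, k))
```

A verifier that hard-codes a 128-byte signature or buffer is the kind of code that would reject the longer key; timing the production library's own sign call at both sizes gives the latency figure to compare.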
