DAve Goodrich <[EMAIL PROTECTED]> writes:
> If my data is not monetary or financial in origin. Is a 1024 key really
> needed? The reason I ask is that my data is really not useful to anyone
> other than our customers, but it does require security. Since I am running a
> web application, somewhat heavy in the graphics, wouldn't a smaller key be
> advantages to me for performance?
>
> How safe is a smaller key, in real world terms.
Depends what size you use. 768's pretty safe.
That said, using a shorter key won't necessarily improve performance
that much unless you have a lot of different browsers connecting.
If what you have is a few breowsers but a lot of data per
browser than what you need is a faster cipher suite (like RC4).
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
