Hi, I never see 4096-bit keys used in SSL transactions. I once saw the key in the root CA of the national PKI initiative in one country, under very restrictive usage with a customized application.

I am just wondering if the market is moving to use such longer keys.

-Kiyoshi
Kiyoshi Watanabe

> Practicality: do not use 4096 bits server side private key. No, not even 2048.
> Key size larger than 1024 is not supported by those bollocky client browsers. Netscape and MSIE4 come to mind.
> Regards,
> Arthur Chan
>
> ----- Original Message -----
> From: "Dave Paris" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 11, 2003 07:34 PM
> Subject: RE: high-grade vs low-grade encryption with MD5 and DES
>
> > The "5 minutes" I mentioned doesn't implicitly refer to the amount of time needed to crack the ciphertext, but more the type of data and the amount of time it needs to be protected.
> >
> > A couple examples:
> >
> > Example 1:
> > A password which will only work for the next ten minutes only needs to be protected by encryption capable of rendering the text sufficiently scrambled for that 10 minute duration. This might mean it would take an attacker 1 minute to obtain the ciphertext and get it into a state where it can be cryptanalyzed. Four or five minutes to determine the cipher used. Then the attacker is left with only 3 or 4 minutes to break the cipher if they need one minute to actually use the password. So, how strong do you need encryption in this case? Only long enough to hold out against a 3 to 4 minute attack.
> >
> > Example 2:
> > A "sealed" court case which is mandated to be sealed for 20 years needs to be protected by a cipher capable of using a large enough keyspace to keep a sustained attack against the data at bay for that 20 years.
> >
> > Herein lies the challenge in the practical utilization of cryptography... how do we know what will protect data for 20 years? We don't. So we make educated guesses. We make compromises. We use "best-available". In the example of the password above, 56 bit DES would be a reasonable choice. It's fast, but weak - yet strong enough to keep that password encrypted for the two or three - heck, six, minutes it would be attacked. (This is not to say that one should use the weakest available cipher for any given problem set! 3DES, AES, or Blowfish would be a much better choice in any case.) In the example of the sealed court records, we're not worried about transaction speed or decryption speed, so an asymmetric cipher capable of utilizing a 4096 bit (or larger!) private key is much more appropriate.
> >
> > Kind Regards,
> > -dsp
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arthur Chan
> > Sent: Sunday, August 10, 2003 6:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> >
> > This is really symptomatic of our industry, isn't it? We seem to be our own worst enemy.
> > Back in 95, it took that French student days to crack the 40-bit codes. Now we are talking about minutes... it's disheartening. Merde. I really wonder how some of those MS sites survive these days...
> >
> > ----- Original Message -----
> > From: "Dave Paris" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, August 11, 2003 06:16 PM
> > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> >
> > > "compromised" is probably a poor word to use, "pointlessly weak" is more accurate. If you're going to use SSL and you're dealing with data that needs to be protected longer than 5 minutes, use 128bit SSL.
> > >
> > > -dsp
> > >
> > > On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
> > >
> > > > Hi all.
> > > > Verisign currently has a discount on both a high grade (128bits) SSL encrypted and a low grade (40bits) SSL encrypted certificate. The former is priced at US$895 and the latter at US$1395.
> > > > I noticed some sites also present Verisign certificates with low-grade, 54-bits encryption from their Microsoft/IIS servers. However I cannot find a 54-bits certificate in www.verisign.com/products/site/commerce/index.html
> > > > Is this 54-bits affair only for Microsoft / IIS ???
> > > > Is low-grade encryption with 40 and 54 bits considered "compromised" ???
> > > > Are there any finance/insurance industry standard requiring a 128 bits, high-grade encryption ???
> > > >
> > > > ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > > User Support Mailing List [EMAIL PROTECTED]
> > > > Automated List Manager [EMAIL PROTECTED]
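As an added example (not part of this thread or of mod_ssl), a Python check that applies Dave's 128-bit line to a cipher-suite inventory: it reads the effective strength bits that OpenSSL reports separately from the algorithm's nominal key size, which is how an export suite such as EXP-RC4-MD5 shows up as 128-bit RC4 carrying only 40 secret bits. The SAMPLE_CIPHERS list is constructed in the dict shape returned by ssl.SSLContext.get_ciphers(); the suite names are standard OpenSSL names, and audit_context() assumes a Python built against a current OpenSSL.

```python
import ssl

# The thread's "high grade" threshold: below 128 bits of effective
# symmetric strength a suite is treated as low grade.
MIN_STRENGTH_BITS = 128

# Constructed sample in the dict shape returned by SSLContext.get_ciphers().
# Export suites are the interesting case: alg_bits is the nominal key size
# of the algorithm, strength_bits is how many of those bits are secret.
SAMPLE_CIPHERS = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "alg_bits": 128, "strength_bits": 40},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "alg_bits": 56, "strength_bits": 56},
    {"name": "RC4-SHA", "protocol": "SSLv3", "alg_bits": 128, "strength_bits": 128},
    {"name": "AES256-SHA", "protocol": "TLSv1", "alg_bits": 256, "strength_bits": 256},
]


def grade(strength_bits, minimum=MIN_STRENGTH_BITS):
    """Classify a suite the way the thread does: low grade below the threshold."""
    return "high" if strength_bits >= minimum else "low"


def weak_suites(ciphers, minimum=MIN_STRENGTH_BITS):
    """Return (name, strength_bits) for every suite below `minimum`, weakest first."""
    weak = [(c["name"], c["strength_bits"]) for c in ciphers if c["strength_bits"] < minimum]
    return sorted(weak, key=lambda pair: (pair[1], pair[0]))


def audit_context(ctx=None):
    """Inventory the suites a real SSLContext would offer and flag the weak ones.

    With no argument this inspects Python's default client context, which on a
    current OpenSSL is expected to enable no suite below 128 bits.
    """
    ctx = ctx or ssl.create_default_context()
    return weak_suites(ctx.get_ciphers())


if __name__ == "__main__":
    for name, bits in weak_suites(SAMPLE_CIPHERS):
        print(f"{name:<14} {bits:>3} bits -> {grade(bits)} grade")
    print("weak suites in default context:", audit_context())
```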