Hi Yoshi.
I have been looking around and haven't seen 4096 in use either. I think
most companies have settled for the standard by default, i.e. 1024/128, and it
would be a lot of work to change that. What do they do under those
circumstances? Revoke the old certificate and issue a new one? You can do
your own survey: simply throw up the log-on screen for the major banks (and
second tier ones), then look at their certificates. They all have 1024/128.
I can't see a long life for 1024/128, maybe a few more years. Something is
bound to happen.
Also, I doubt whether it is practical, seeing how some (slightly) older
browsers cannot handle that.
Arthur
----- Original Message -----
From: "Kiyoshi Watanabe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, August 11, 2003 08:39 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


>
> Hi, I never see 4096 bits keys used in the SSL transactions. I once
> saw the key in the root CA in the national PKI initiative in one
> country under very restrictive usage with customized application.
>
> I am just wondering if the market is moving to use such a longer bits
> key.
>
> -Kiyoshi
> Kiyoshi Watanabe
>
> > Practicality : do not use 4096 bits server side private key. No, not even
> > 2048.
> > Key size larger than 1024 is not supported by those bollocky client
> > browsers. Netscape and MSIE4 come to mind.
> > Regards,
> > Arthur Chan
> >
> > ----- Original Message -----
> > From: "Dave Paris" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, August 11, 2003 07:34 PM
> > Subject: RE: high-grade vs low-grade encryption with MD5 and DES
> >
> >
> > > The "5 minutes" I mentioned doesn't implicitly refer to the amount of time
> > > needed to crack the ciphertext, but more the type of data and the amount of
> > > time it needs to be protected.
> > >
> > > A couple examples:
> > >
> > > Example 1:
> > > A password which will only work for the next ten minutes only needs to be
> > > protected by encryption capable of rendering the text sufficiently scrambled
> > > for that 10 minute duration.  This might mean it would take an attacker 1
> > > minute to obtain the ciphertext and get it into a state where it can be
> > > cryptanalyzed.  Four or five minutes to determine the cipher used.  Then the
> > > attacker is left with only 3 or 4 minutes to break the cipher if they need
> > > one minute to actually use the password.  So, how strong do you need
> > > encryption in this case?  Only long enough to hold out against a 3 to 4
> > > minute attack.
> > >
> > > Example 2:
> > > A "sealed" court case which is mandated to be sealed for 20 years needs to
> > > be protected by a cipher capable of using a large enough keyspace to keep a
> > > sustained attack against the data at bay for that 20 years.
> > >
> > > Herein lies the challenge in the practical utilization of cryptography...
> > > how do we know what will protect data for 20 years?  We don't.  So we make
> > > educated guesses.  We make compromises.  We use "best-available".  In the
> > > example of the password above, 56 bit DES would be a reasonable choice.
> > > It's fast, but weak - yet strong enough to keep that password encrypted for
> > > the two or three - heck, six, minutes it would be attacked. (this is not to
> > > say that one should use the weakest available cipher for any given problem
> > > set!  3DES, AES, or Blowfish would be a much better choice in any case.)  In
> > > the example of the sealed court records, we're not worried about transaction
> > > speed or decryption speed so an asymmetric cipher capable of utilizing a
> > > 4096 bit (or larger!) private key is much more appropriate.
> > >
> > > Kind Regards,
> > > -dsp
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] Behalf Of Arthur Chan
> > > Sent: Sunday, August 10, 2003 6:39 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> > >
> > >
> > > This is really symptomatic of our industry, isn't it? We seem to be our own
> > > worst enemy.
> > > Back in 95, it took that French student days to crack the 40-bit codes. Now
> > > we are talking about minutes... it's disheartening. Merde. I really wonder
> > > how some of those MS sites survive these days...
> > >
> > > ----- Original Message -----
> > > From: "Dave Paris" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, August 11, 2003 06:16 PM
> > > Subject: Re: high-grade vs low-grade encryption with MD5 and DES
> > >
> > >
> > > > "compromised" is probably a poor word to use, "pointlessly weak" is
> > > > more accurate.  If you're going to use SSL and you're dealing with data
> > > > that needs to be protected longer than 5 minutes, use 128bit SSL.
> > > >
> > > > -dsp
> > > >
> > > > On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:
> > > >
> > > > > Hi all.
> > > > > Verisign currently has a discount on both a high grade (128bits) SSL
> > > > > encrypted and a low grade (40bits) SSL encrypted certificates. The
> > > > > former is priced at US$895 and the latter at US$1395.
> > > > > I noticed some sites also present Verisign certificates with low-grade,
> > > > > 54-bits encryption from their Microsoft/IIS servers. However I cannot
> > > > > find a 54-bits certificate in
> > > > > www.verisign.com/products/site/commerce/index.html
> > > > > Is this 54-bits affair only for Microsoft / IIS ???
> > > > > Is low-grade encryption with 40 and 54 bits considered "compromised" ???
> > > > > Are there any finance/insurance industry standards requiring a 128 bits,
> > > > > high-grade encryption ???
> > > > >
> > > > >
> > > > > ______________________________________________________________________
> > > > > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > > > > User Support Mailing List                      [EMAIL PROTECTED]
> > > > > Automated List Manager                            [EMAIL PROTECTED]
> > > > >
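The thread's recurring question is the one Dave Paris frames: how long must the ciphertext hold out, and does the keyspace buy that much time? The Python below is an added worked example, not code from the thread or from mod_ssl. It puts his two scenarios (a ten-minute password, a record sealed for twenty years) against the symmetric strengths the thread mentions (40-bit, 56-bit DES, 128-bit). The attacker model is a constructed assumption: one billion trial decryptions per second today, doubling every eighteen months, with the attacker credited with end-of-window throughput from day one so that hardware growth over a long window is priced in. It applies only to symmetric keys; the 1024/2048/4096 figures in the thread are RSA modulus sizes, which are attacked by factoring rather than key search and do not sit on this scale.

```python
SECONDS_PER_MINUTE = 60
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed attacker model (an assumption for this example, not a figure from
# the thread): a billion trial decryptions per second today, with throughput
# doubling every 18 months for the whole protection window.
KEYS_PER_SECOND = 1e9
DOUBLING_YEARS = 1.5


def expected_break_seconds(key_bits, keys_per_second):
    """Expected time for exhaustive key search against a symmetric cipher.

    On average half of the 2**key_bits keyspace is tried before the right key
    turns up, so the expectation is 2**(key_bits - 1) trials.
    """
    return 2 ** (key_bits - 1) / keys_per_second


def end_of_window_rate(keys_per_second, lifetime_seconds, doubling_years=DOUBLING_YEARS):
    """Throughput the attacker is assumed to reach by the end of the window."""
    doublings = lifetime_seconds / (doubling_years * SECONDS_PER_YEAR)
    return keys_per_second * 2 ** doublings


def is_adequate(key_bits, lifetime_seconds, keys_per_second=KEYS_PER_SECOND,
                doubling_years=DOUBLING_YEARS, margin=10.0):
    """Decide whether `key_bits` of symmetric key holds out for `lifetime_seconds`.

    Conservative on two counts: the attacker is credited with end-of-window
    throughput from day one (so hardware growth over a 20-year window is priced
    in), and the expected break time must beat the window by `margin`.
    """
    rate = end_of_window_rate(keys_per_second, lifetime_seconds, doubling_years)
    return expected_break_seconds(key_bits, rate) >= margin * lifetime_seconds


def evaluate(cases):
    """Return one record per (label, key_bits, lifetime_seconds) case."""
    report = []
    for label, key_bits, lifetime in cases:
        rate = end_of_window_rate(KEYS_PER_SECOND, lifetime)
        report.append({
            "case": label,
            "key_bits": key_bits,
            "break_years": expected_break_seconds(key_bits, rate) / SECONDS_PER_YEAR,
            "adequate": is_adequate(key_bits, lifetime),
        })
    return report


# The thread's two scenarios, each tried at the cipher strengths it mentions.
THREAD_CASES = [
    ("10-minute password, 40-bit", 40, 10 * SECONDS_PER_MINUTE),
    ("10-minute password, 56-bit DES", 56, 10 * SECONDS_PER_MINUTE),
    ("20-year sealed record, 56-bit DES", 56, 20 * SECONDS_PER_YEAR),
    ("20-year sealed record, 128-bit", 128, 20 * SECONDS_PER_YEAR),
]

if __name__ == "__main__":
    for row in evaluate(THREAD_CASES):
        verdict = "adequate" if row["adequate"] else "NOT adequate"
        print(f"{row['case']:<36} ~{row['break_years']:.3g} years to break: {verdict}")
```

Under these assumptions a 40-bit key falls in minutes, which is why it fails even the ten-minute case once a tenfold margin is demanded; 56-bit DES comfortably covers the password but not the twenty-year record, where the attacker's throughput has grown by four orders of magnitude; only the 128-bit case survives both. Changing `KEYS_PER_SECOND` or `DOUBLING_YEARS` shows how sensitive the long-window verdict is to the attacker model, which is the uncertainty the thread describes as making "educated guesses".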