On Feb 16, 2011, at 10:31 PM, NdK wrote: > On 16/02/2011 21:13, Martin Paljak wrote: > >>> The same can be done for 768bit key, and, I suppose, for all key sizes from >>> 512 to 2048 with the 64 bit step. >> The only questions is: are you sure you want to do this? Small RSA keys are >> often used in low profile hardware, where the smaller calculation is easier >> to complete, these days EC would be a better option for resource-constrained >> environments... >> I would not date to suggest turning<1024 key support off (which is the >> recommendation by several organizations) but giving a nice fat warning to >> the user when creating keys (not importing!) below 1024 (or 1024 keys when >> the card claims support for 2048) bits. > That could be done for every key size less than the maximum handled by > the card. This way the user is encouraged to use the maximum available > security, and fall back to less secure keys only if he needs to. :)
Nice one! Can you please file it as a wish list ticket with a link to this thread as well, so that it won't slip through the cracks? (added a note about list thread links to ReportingBugs [1] page as well) Thanks for your input, if all of the things won't get fixed for the next release (0.12.1) then surely in one of the succeeding builds. Which could eventually happen as often as on biweekly basis. If you can, please post about your experiments with MyEID profile tweaks as well, so that the default profile could be improved. [1] http://www.opensc-project.org/opensc/wiki/ReportingBugs -- @MartinPaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
