In all honesty, I would recommend against getting a 64-bit certificate. And I
would recommend just as strongly against a 512-bit certificate. There are 2
large reasons for this. First, the 64-bit: the RSA DES Challenge III taught
us that, using second-rate, 3-year-old technology in a relatively poorly
funded manner, you can break 56-bit security in under a day. Given proper
funding, proper modern technology, and 1 day, it is certainly possible to
break 64-bit security. Can you risk having only 1 day's worth of security? How
about next year, when it becomes 12 hours?

512-bit factoring has been done (Code Book challenge). It took a network of
100 machines working during idle time a couple of months, followed by a
4-processor Alpha (2 years old) running about a week. Again, this was not a
best-of-breed attack; 100 machines are available to me right now if I really
tried, and I could probably get half of them from the office I'm in right now.
The equivalent of the Alpha is easy enough to come by now: just slap that
much RAM in a high-end P4 and give it a couple of weeks. So can you afford to
only have a couple of weeks of security? This attack would cost much less
than the 64-bit attack.

I really don't think you should use a 512-bit certificate or use anything
below 80-bit security, preferably 128-bit. Technically you can use a
1024-bit public key with 64-bit security, but whether or not they'll sign it
is up to Thawte.
                                        Joe

----- Original Message -----
From: "John Peters" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 01, 2001 3:49 PM
Subject: newbie: 64bit, 512 or 1024 ?


> I want to order a $125 64bit thawte certificate.
>
> I see almost everyone using 1024 to generate the private key, but it says on
> the thawte website that 1024 is for the 128bit certificates.
>
> Does it matter if I use 512 or 1024 to generate the private key?
>
>
> Regards
>
> John Peters
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
