On 19/05/11 11:53, Jeffrey Walton wrote:

> > I'm setting up a new CA/SSL infrastructure for work
> > ...
> > and whether it meets the requirements of a v3 SSL cert
> > (I think it does). Is 4096 bit key and sha1 a good choice?
>
> SHA-1 is not a good choice here. You are exceeding 128 bits of
> security with the 4096 key, but only offering ~50 bits of security for
> authentication (SHA has an ideal level of 80 bits, but it has been
> reduced). You would probably want to use SHA-256. As an attacker,
> would you try to factor the modulus (which should take over 2^128
> work), or swap in a key and sign it as the CA (at a cost of 2^50)?
>
> Jeff

Hi Jeff,

Thank you for that - I'm a sysadmin, but I am not managing to keep up with encryption theory/practise recently.

That is a very valuable tip - I'll swap it over to SHA-256.

[Rest of query still stands for anyone kind enough to be able to comment on other aspects].

All the best,

Tim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
