On Wed, Nov 13, 2013 at 3:31 PM, Fedor Brunner <fedor.brun...@azet.sk> wrote:

> For example the server jabber.ccc.de uses 2048 bit RSA public key, but
> the length of the temporary key is only 1024 bit. The public key score
> is 90, cipher score is 90
> http://xmpp.net/result.php?domain=jabber.ccc.de&type=server


Hmmm... I'm not convinced that's automatically a bad thing. Firstly, it's
generally unwise to compare bitlengths and expect to get sane results -
although as it happens, both DH and RSA happen to have roughly the same
equivalent bits of security.

Secondly, the key lifetime also has an impact - the DH negotiated temporary
key will only be used for one session, whereas the RSA key will be used for
a year. Given that cracking a 1024 bit temporary key will take (perhaps) a
year, that's probably enough to ensure the security of the vast majority of
your conversations - whereas the RSA key is protecting all of them - crack
that and it's game over. Obviously PFS is there to mitigate against this,
but if the RSA key can be cracked within its lifetime, then it becomes
trivial to perform a man-in-the-middle attack.

My personal opinion would be that 1024 bits of DH is fine, 2048 bits of RSA
is borderline, and 384 bits of EC is also fine.

Dave.
