[145853] in cryptography@c2.net mail archive
Re: Debian encouraging use of 4096 bit RSA keys
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Sep 14 10:59:02 2010
Date: Tue, 14 Sep 2010 15:06:48 +0100
From: Ben Laurie <ben@links.org>
To: "Perry E. Metzger" <perry@piermont.com>
CC: cryptography@metzdowd.com
In-Reply-To: <20100914081552.7eec6fc5@jabberwock.cb.piermont.com>
On 14/09/2010 13:15, Perry E. Metzger wrote:
> The decision that 1024 bit keys are inadequate for code signing is
> likely reasonable. The idea that 2048 bits and not something between
> 1024 bits and 2048 bits is a reasonable minimum is perhaps arguable.
> One wonders what security model indicated 4096 bits is the ideal
> length....
Given their constraints, what they say (i.e. "to be on the safe side")
seems entirely reasonable. Code signing and verification do not occur
with great frequency, so a big key is not a big problem.
In general, we should resist the temptation to pare security protocols
down to the bare minimum - it is this tendency that gave us, for
example, the TLS renegotiation attack. A little bit of belt and braces
and that would have been a non-issue.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
