keygen.sh: why 3072-bit keys?

Cantor, Scott cantor.2 at osu.edu
Wed May 31 11:09:23 EDT 2017


On 5/31/17, 11:01 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> One of our developers was looking at keygen.sh yesterday, reproducing its functionality elsewhere, and he noticed that it
> generates 3072-bit keys for the SP. I would have expected a 2048-bit key size. Obviously, the 3072-bit keys are that much more
> secure, but I'd think once you get past 2048 bits, it becomes somewhat academic.

https://issues.shibboleth.net/jira/browse/SSPCPP-686

If we had a discussion about whether to increase the size, I don't remember it in detail other than that it doesn't hurt anything, and eventually 2048 is doomed just like 1024.

-- Scott




