keygen.sh: why 3072-bit keys?
Wessel, Keith
kwessel at illinois.edu
Wed May 31 11:13:12 EDT 2017
Thanks, Scott. I suspected this was primarily future-proofing things. The rationale in that enhancement you sent the link to makes sense.
Keith
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, May 31, 2017 10:09 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: keygen.sh: why 3072-bit keys?
On 5/31/17, 11:01 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> One of our developers was looking at keygen.sh yesterday, reproducing its functionality elsewhere, and he noticed that it
> generates 3072-bit keys for the SP. I would have expected a 2048-bit key size. Obviously, the 3072-bit keys are that much more
> secure, but I'd think once you get past 2048 bits, it becomes somewhat academic.
https://issues.shibboleth.net/jira/browse/SSPCPP-686
If we had a discussion about whether to increase the size I don't remember it in detail other than that it doesn't hurt anything, and eventually 2048 is doomed just like 1024.
-- Scott