On Sat, Jan 20, 2018 at 8:31 AM, James Burton via dev-security-policy
<dev-secur...@lists.mozilla.org> wrote:
> Approximate date of retirement of RSA-2048?

This is a very broad question, as you don't specify the usage. If you
look at the US National Institute of Standards and Technology's SP
800-57 part 1 rev 4
(http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf),
they discuss the difference between "applying" and "processing".
Applying would usually be either encrypting or signing and processing
would usually be decrypting or verifying.

Given that RSA is used by Mozilla products for signing long term data
(intermediate CA certificates, for example), encrypting data (for
example, encrypting email), as part of key exchange (in TLS), and for
signing for instant authentication (signature during a TLS handshake),
the appropriate retirement date may vary.

That being said, the NIST publication above uses the assumption that
RSA with a 2048-bit modulus, where the two factors are each 1024-bit
long prime numbers, provides approximately 112 bits of strength.
Later on it states that 112 bits of strength is acceptable until 2030.

The German Federal Office for Information Security (BSI) reportedly
recommends using a modulus length of at least 3000 bits starting in
2023 [1].

Does that help answer your question?

Thanks,
Peter

[1] My German is very poor. If yours is better than mine, you can
read the original doc from the BSI at
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile
and confirm that Google Translate did not cause me to misunderstand
the recommendation.
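
The figures in the message above, worked through as an added example (not part of the original message): it estimates RSA strength from the modulus size and checks a key's planned last year of use against the NIST and BSI dates quoted. Assumptions: the strength formula is the number-field-sieve estimate from NIST's FIPS 140-2 Implementation Guidance, the tier table is the nominal one from SP 800-57, the year boundaries are read as written in the message, and the inventory is constructed.

```python
import math

# Nominal RSA strengths per SP 800-57 Part 1 (modulus bits -> bits of strength).
NOMINAL = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]

def gnfs_strength_bits(modulus_bits):
    """Estimated number-field-sieve work factor for an RSA modulus, in bits."""
    ln_n = modulus_bits * math.log(2)
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)

def nominal_strength_bits(modulus_bits):
    """Highest nominal tier this modulus size reaches (0 if below 1024 bits)."""
    return next((s for size, s in NOMINAL if modulus_bits >= size), 0)

def review(modulus_bits, last_use_year):
    """Findings against the two recommendations quoted in the message.

    last_use_year is the last year anything relies on the key: the end of
    "processing" (verifying, decrypting), not only of "applying".
    """
    findings = []
    strength = nominal_strength_bits(modulus_bits)
    if strength < 112:
        findings.append("below 112-bit strength")
    elif strength == 112 and last_use_year > 2030:
        # Assumption: "acceptable until 2030" includes 2030 itself.
        findings.append("NIST: 112-bit strength acceptable only until 2030")
    if modulus_bits < 3000 and last_use_year >= 2023:
        findings.append("BSI: at least 3000-bit modulus from 2023")
    return findings

# Constructed inventory: (label, modulus bits, last year the key is relied on).
INVENTORY = [
    ("intermediate CA signing key", 2048, 2033),
    ("TLS handshake signing key", 2048, 2022),
    ("email encryption key", 3072, 2035),
]

if __name__ == "__main__":
    for label, bits, year in INVENTORY:
        est = gnfs_strength_bits(bits)  # about 110 for 2048, placed in the 112 tier
        print(f"{label}: RSA-{bits}, ~{est:.0f}-bit estimate, "
              f"relied on to {year}: {review(bits, year) or 'ok'}")
```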