LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 12-13-2002, 05:04 PM   #1
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
rsa private key keysize - how big?


Hallo all

I'm currently generating a set of certificates for use on a server we have on which we are running a server we wrote. I would now like to know how big the RSA key length has to be for it to be secure. I read that key sizes less than 1024 should be considered insecure. For testing we used key sizes of exactly 1024; is there any reason to use bigger keys than this?

We use openssl to generate these keys as follows:

dd if=/dev/random of=./randfile count=1
openssl genrsa -out ./key.pem -rand ./randfile 1024

Is there any reason to enlarge the 1024?

koningshoed
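The poster generates keys with the openssl command line and asks whether the 1024 should be enlarged. The following is an added example (not code from the thread) that wraps the same `openssl genrsa` step and then reads the modulus size back out of the PEM file, so a deployment script can refuse a key that is smaller than a chosen floor. It assumes `openssl` is on PATH; the default size of 2048 and the 2048-bit minimum are choices made here for the example, not values from the thread. The `-rand` file is dropped because current openssl seeds from the operating system's CSPRNG on its own.

```python
"""Added example: generate an RSA key with the openssl CLI and verify its size.
Assumes the `openssl` binary is on PATH. MIN_BITS is a policy floor chosen for
this example."""
import re
import subprocess
import tempfile
from pathlib import Path

MIN_BITS = 2048  # policy floor for this example (assumption, not from the thread)


def generate_rsa_key(path, bits=2048):
    """Run `openssl genrsa -out PATH BITS`. No -rand file is passed: openssl
    seeds itself from the OS CSPRNG (/dev/urandom, getrandom, ...)."""
    subprocess.run(["openssl", "genrsa", "-out", str(path), str(bits)],
                   check=True, capture_output=True)
    return Path(path)


def key_size_bits(path):
    """Parse the modulus size from `openssl rsa -noout -text`. The first line of
    that output reads e.g. 'Private-Key: (2048 bit, 2 primes)' on OpenSSL 3,
    'RSA Private-Key: (2048 bit, 2 primes)' on 1.1.1, 'Private-Key: (2048 bit)'
    on older releases; the regex matches all three."""
    out = subprocess.run(["openssl", "rsa", "-in", str(path), "-noout", "-text"],
                         check=True, capture_output=True, text=True).stdout
    m = re.search(r"Private-Key: \((\d+) bit", out)
    if not m:
        raise ValueError("could not find the key size in openssl output")
    return int(m.group(1))


def check_key(path, minimum=MIN_BITS):
    """Return (bits, ok); ok is False when the key is below the policy floor."""
    bits = key_size_bits(path)
    return bits, bits >= minimum


def demo(bits=2048):
    """Generate a throwaway key in a temporary directory and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_key(generate_rsa_key(Path(tmp) / "key.pem", bits))


if __name__ == "__main__":
    for size in (1024, 2048):
        generated, ok = demo(size)
        print(f"{generated}-bit key: {'accepted' if ok else 'rejected'}")
```

The check reads the size from the file rather than trusting the number that was passed to `genrsa`, which is the property a deployment step actually cares about: the key that ends up on disk, not the command that was meant to produce it.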
 
Old 12-14-2002, 10:45 AM   #2
tarballedtux
Member
 
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Rep: Reputation: 30
Well, you say it is a server. So you won't want to change it often because that disrupts the users. So a key size of 2048 or bigger will take you for a long period of time. Maybe someone else has a better answer than I do.


--tarballedtux
 
Old 12-14-2002, 04:05 PM   #3
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Original Poster
Rep: Reputation: 15
Yep, well, for now I'll just stick to 1024 (while we are still testing) and will try and find out more. I would really like to get hold of some kind of guidelines for choosing key sizes for different algorithms, but I seem to be unable to find any. And anyway, what defines secure? For one, take SHA: it is computationally infeasible to construct two strings that hash to the same value, but it is still possible - but it is so unlikely to succeed (1/2^160 to get a string to hash to a specific value, about 1 * 10 ^ -50 iirc) that I for one would not bother trying. RSA keys are however not quite the same; the private components must be prime, and thus there are not truly 2 ^ 1024 possible keys. In addition you would like to stay away from boundaries (would prefer to have an approximately equal number of 0's and 1's). So the question remains, how do you pick the key sizes?
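Post #1 asks whether 1024 should be enlarged and post #3 reasons about how many RSA keys there really are. The block below is an added example (not code from the thread or its participants) that puts numbers on both. It uses the prime number theorem to count how many 1024-bit moduli exist, which shows that the reduced key space is not what makes a size weak, and then estimates the cost of factoring the modulus with the General Number Field Sieve, which is what does. The GNFS figure is set beside the RSA rows of the NIST SP 800-57 security-strength table; the table values are NIST's, the rest is computed from the formulas in the comments.

```python
"""Added example: two ways of putting a number on an RSA key size.
Only the math module is used. NIST_STRENGTH holds NIST SP 800-57 Part 1
(Table 2) values; everything else is computed."""
import math

LN2 = math.log(2)


def log2_prime_count(bits):
    """log2 of the approximate number of primes with exactly `bits` bits,
    i.e. primes in [2^(bits-1), 2^bits), from pi(x) ~ x / ln x.
    Worked in log space so that 1024-bit sizes do not overflow a float."""
    log2_hi = bits - math.log2(bits * LN2)        # log2 pi(2^bits)
    ratio_lo_hi = bits / (2 * (bits - 1))         # pi(2^(bits-1)) / pi(2^bits)
    return log2_hi + math.log2(1 - ratio_lo_hi)


def log2_modulus_count(modulus_bits):
    """log2 of the approximate number of RSA moduli n = p*q built from two
    primes of modulus_bits/2 bits each (unordered pair, hence the -1).
    Rough on purpose: some such products are one bit short, and real key
    generation applies further filters, but the order of magnitude is the
    point: post #3 is right that it is far below 2^1024, and it is still
    astronomically beyond any brute-force search."""
    return 2 * log2_prime_count(modulus_bits // 2) - 1


def gnfs_security_bits(modulus_bits):
    """Security level implied by the GNFS heuristic running time
    L_N[1/3, c] = exp(c * (ln N)^(1/3) * (ln ln N)^(2/3)),  c = (64/9)^(1/3),
    for N ~ 2^modulus_bits, expressed as log2 of the work.
    The o(1) term is dropped, so this over-estimates by several bits compared
    with NIST's calibrated figures: use it to compare sizes with each other,
    not as an absolute number."""
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    work_nats = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / LN2


# NIST SP 800-57 Part 1, Table 2: RSA modulus size -> security strength in bits.
NIST_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def nist_security_bits(modulus_bits):
    """Strength of the largest table row not exceeding modulus_bits (so a
    4096-bit key is rated like 3072 -> 128). Sizes below 1024 return 0:
    the table assigns them no strength at all."""
    rows = [b for b in NIST_STRENGTH if b <= modulus_bits]
    return NIST_STRENGTH[max(rows)] if rows else 0


def min_modulus_for_strength(target_bits):
    """Smallest table size that reaches the requested symmetric-equivalent strength."""
    return min(b for b, s in NIST_STRENGTH.items() if s >= target_bits)


def report(sizes=(512, 1024, 2048, 3072, 4096)):
    """One row per size: (modulus bits, log2 #moduli, GNFS bits, NIST bits)."""
    return [(bits, round(log2_modulus_count(bits)),
             round(gnfs_security_bits(bits)), nist_security_bits(bits))
            for bits in sizes]


if __name__ == "__main__":
    print(f"{'modulus':>8} {'log2(#keys)':>12} {'GNFS bits':>10} {'NIST bits':>10}")
    for bits, keys, gnfs, nist in report():
        print(f"{bits:>8} {keys:>12} {gnfs:>10} {nist:>10}")
```

Reading the two right-hand columns together answers the thread's question in its own terms: going from 1024 to 2048 bits buys roughly 30 bits of factoring work, i.e. about a billion times more effort, while the key-space column shows that the "fewer than 2^1024 keys" observation, although true, costs only a handful of bits and is irrelevant to the choice.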
 