Key length: 512, 1024 or 2048
Since January 1st, 2011, all certificates must be generated with a public key of 2048 bits or more. The use of 512-bit keys is forbidden: factoring an RSA modulus of this length is feasible (a 512-bit modulus was factored in August 1999; the current record is 768 bits). 1024-bit keys will soon be vulnerable, and we will then have to stop using them.
The ANSSI (formerly DCSSI) has required keys of 1536 bits or more since January 1st, 2009, and 2048-bit keys since January 1st, 2011.
The NIST has recommended not trusting keys shorter than 2048 bits since January 1st, 2011.
See the keylength website.
WARNING: consider the effect of the move to 2048-bit keys on CPU consumption. Upgrading equipment that is already heavily loaded is a sensitive operation.
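One way to check a key against the 2048-bit minimum above before submitting a request, as an added example that is not part of the original page: it reads a PEM public key and reports the RSA modulus size. The function names are illustrative, and the sample inputs are constructed dummy integers, not usable keys.

```python
import base64

MIN_BITS = 2048  # minimum public key size stated on this page
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER of OID rsaEncryption

def _tlv(buf, pos):
    """Return (tag, start, end) of the DER element beginning at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def rsa_modulus_bits(pem):
    """Modulus size in bits of a PEM 'PUBLIC KEY' (SubjectPublicKeyInfo)."""
    lines = pem.strip().splitlines()
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    _, s, _ = _tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, a0, a1 = _tlv(der, s)          # AlgorithmIdentifier SEQUENCE
    if not der[a0:a1].startswith(RSA_OID):
        raise ValueError("not an RSA key")
    tag, b0, _ = _tlv(der, a1)        # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or der[b0] != 0:
        raise ValueError("unexpected public key encoding")
    _, k0, _ = _tlv(der, b0 + 1)      # RSAPublicKey SEQUENCE
    tag, m0, m1 = _tlv(der, k0)       # its first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("modulus not found")
    return int.from_bytes(der[m0:m1], "big").bit_length()

def check_key(pem):
    """Return (bits, acceptable) under the 2048-bit minimum."""
    bits = rsa_modulus_bits(pem)
    return bits, bits >= MIN_BITS

def _der(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + value

def sample_pem(bits):
    """Constructed input: SPKI holding a dummy odd integer, not a usable key."""
    def integer(v):
        return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    rsa = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))
    spki = _der(0x30, _der(0x30, RSA_OID + b"\x05\x00") + _der(0x03, b"\x00" + rsa))
    body = base64.encodebytes(spki).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + body + "-----END PUBLIC KEY-----\n"
```

For a real request, `openssl req -in request.pem -noout -pubkey` (request.pem being a placeholder file name) prints the public key in the PEM form that `check_key` reads.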
See also:
Find out more about obtaining a server certificate and creating a certificate request (CSR).
Last edited on 07/16/2019 08:52:29