Microsoft: As of October, 1024-Bit Certs Are the New Minimum 207
way2trivial writes with this snippet from Information Week about a warning from Microsoft reminding Windows administrators that an update scheduled for October 9th will require a higher standard for digital certificates. "That warning comes as Microsoft prepares to release an automatic security update for Windows on Oct. 9, 2012, that will make longer key lengths mandatory for all digital certificates that touch Windows systems. ... Internet Explorer won't be able to access any website secured using an RSA digital certificate with a key length of less than 1,024 bits. ActiveX controls might be blocked, users might not be able to install applications, and Outlook 2010 won't be able to encrypt or digitally sign emails, or communicate with an Exchange server for SSL/TLS communications."
This was announced several months ago (Score:5, Informative)
Open source suffers from quasi-religious stuff too (Score:5, Informative)
No matter how few people actually read through the Linux kernel code, it's sufficiently open that blatant backdoors are not going to be inserted.
Open source suffers from quasi-religious stuff too, as you just demonstrated with your claim. Ken Thompson, of Bell Labs and Unix and C fame - the "K" in K&R, demonstrates the insufficiency of being able to read the source code.
http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]
Re:Oh phuque them! (Score:0, Informative)
You say that like it is simple. It isn't. There are people who expect their machines to work. They expect wireless, sleep, hibernate, 4G dongles, etc. to work in order to do business. They expect dock / undock with multiple large monitors to work. They have applications - thousands of them that they would have to re-write. If you think about it for all of 5 seconds you'd see that Linux either doesn't work well in many of these scenarios (it does on some machines, not so well on others) and the costs to switch would be enormous. Just switch. Jeez. How about you just switch your body's metabolism to run on tree bark? That would work just as well.
Re:open source (Score:5, Informative)
Nice weasel word there. Blatant. What makes you think that if there are backdoors in Windows they're blatent?
Think back to the AARD code, they went way out of their way to obfuscate it. Microsoft would not be so stupid as to put a well commented backdoor in there.
Of course, I'm sure someone will bring up the NSAKEY incident, which various security researches (such as Bruce Schneier) have dismissed as merely allowing the NSA to install their own key to be install for their internal systems without having to have MS sign it.
You do know that backdoors have been inserted into Linux distro's in the past, and some of them took a great deal of time to be discovered. Then of course, one never really knows if a security vulnerability is intentional or not (on any platform).
There have also been some near calls as well in the kernel itself. For instance, who remembers this doozy?
http://www.securityfocus.com/news/7388 [securityfocus.com]
Yes, it was caught, but not because of "many eyes". It was because the attacker chose to try to modify the version control file directly. Had it gone in by some other means, it may not have been caught at all.
Re:open source (Score:5, Informative)
Re:Why 1024? (Score:5, Informative)
Re:Why 1024? (Score:5, Informative)
smart/feature phones
There's your biggest drawback to the 1k keysize. How many of them can handle more then that? Simply put, it's the U.S. Telco's that aren't able to handle anything larger as everyone else offers phones that can handle 2k+ certs.
The real K&R (Score:4, Informative)
The "K" of K&R is wrong.
"K" is Brian Kernighan. You know, the Brian Kernighan of "The C Programming Language" fame. He wrote a book or two. He's quite famous. Maybe you've heard of him.
Look it up.
Re:Why 1024? (Score:5, Informative)
Have a look at http://en.wikipedia.org/wiki/Birthday_problem [wikipedia.org] A group of just 23 people is required to get a 50% probability two people will have the same birthday, despite there being 366 different days in the year. 57 for 99% probability. That equates to 6.3% change, hits 50% probability and 15.5% hits 99%.
If moving to 2048bits makes 15% of the certs in use invalid, the vast majority of your users will be effected.
Re:Only 10 years behind the times (Score:4, Informative)
As everyone moves to 2048 bit keys
Re:Why 1024? (Score:4, Informative)
Re:Only 10 years behind the times (Score:2, Informative)
True. ECC is definitely the way forward. NSA has already switched all their systems to it and the DoD mandated that all systems must switch from conventional public keys to ECC by 2010 (2 years ago). Whit Diffie said that NSA insiders told him the same thing (i.e. they trust ECC more). This has lead some to speculate there is an unpublished (NSA discovered) weakness with RSA (a speculation which may have some merit according to James Bamford, who in his infamous Wired article claims NSA "made a huge breakthrough in cryptanalysis a few years ago." Bamford didn't give specifics because his contacts didn't give specifics, but it seems much more likely they have broken RSA than the much more difficult AES (breaking RSA would give you the keys to the AES kingdom since AES keys are protected by RSA in hybrid systems like PGP/SSL. Break RSA and you have access to the AES key underneath).
It's all speculation about RSA having flaws. Maybe NSA broke AES instead. Maybe they broke both. Maybe they have "broken" it in the sense of a novel side-channel attack. Maybe the insiders lied to Bamford for disinformation purposes. We don't know. Either way, ECC is better all around due to its reduced key size and at least as strong security. The problem is even though it is in the OpenPGP standard, it will not be in widespread use for many years yet. Werner Koch, the lead developer of GNUPG, says it will take many years for it to become widespread due to all the legacy systems, old software, people not upgrading, etc. There are many software implementations of OpenPGP, and not all of them will include ECC at the same rate. Plus lots of people have RSA keys with lots of signatures and they aren't going to want to go through all of those key signing parties again.