This topic created in 3791 days ago, the information mentioned may be changed or developed.
现在各家的貌似都是 2048bit ,有谁支持 4096 么?
 |
1
lightening Dec 22, 2015
Let's Encrypt
|
 |
2
Andy1999 Dec 22, 2015
谁家都支持吧
我的一个都签到了 8192 |
 |
3
yeyeye Dec 22, 2015
上这么高的安全性 0 0~ 有没有必要嘛
|
 |
4
cevincheung OP |
 |
5
fany Dec 22, 2015
都支持吧
|
 |
6
songjiaxin2008 Dec 22, 2015 via iPhone
这个好像是写在 CSR 的吧 不是 ca 的问题
|
 |
7
Showfom PRO 一般都支持, csr 里自己写参数
|
|
8
cevincheung OP |
 |
9
xenme Dec 22, 2015 via iPhone
你自己生成的 CSR ,你问别人?
这个和你的 |
|
10
xenme Dec 22, 2015 via iPhone
接上面,和你的系统有关,目前主流都是默认 2048 。
4096 以上兼容性还有太多问题。 |
|
11
Showfom PRO @cevincheung 这两个概念
|
|
12
cevincheung OP @Showfom 所以现在还是没支持 4096bit 的 CA ?
|
 |
13
Quaintjade Dec 23, 2015
中间证书不是 4096 的话,末端证书 4096 有啥用?
|
 |
14
msg7086 Dec 23, 2015
While it is true that a longer key provides better security, we have shown that by doubling the length of the key from 2048 to 4096, the increase in bits of security is only 18, a mere 16%. [1]
长度翻倍安全性也就加了 16%,还会严重拖慢运算速度,真的有必要么。 [1]: https://www.yubico.com/2015/02/big-debate-2048-4096-yubicos-stand/ |
 |
15
crazycen Dec 23, 2015 via iPhone
性能 安全 自己取舍吧!
|
 |
16
SpicyCat Dec 23, 2015
纯引用
https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096 > A keysize of 2048 is sufficient. Using 4096 "gives us almost nothing, while costing us quite a lot." > If you need more security than RSA-2048 offers, the way to go would be to switch to elliptical curve cryptography — not to continue using RSA. > 11.6 Why does GnuPG support RSA-4096 if it ’ s such a bad idea? > RSA-4096 is not a bad idea: it ’ s just, generally speaking, unnecessary. You gain very little in the way of additional resistance to brute-forcing and cryptanalysis. |
Select Language