A posting from Naked Security on Google announces it will double its SSL key sizes:
Google just announced that its HTTPS web pages will be ditching 1024-bit RSA keys in favour of 2048 bits.
“Pah,” I hear you say. “I have one or two questions about that – three questions, in fact.”
- How is this newsworthy when many other web properties have already made the switch to 2048 bits? (Kim “Big Fella” Dotcom’s mega.com.nz, for example.)
- Why switch if 1024 bits is much bigger than the largest RSA key yet known to have been cracked, at 768 bits?
- Why the fuss about 1024 bits anyway, if just 128 bits is considered more than enough for other encryption algorithms, such as AES?
Let’s start at the end: why thousands of bits of RSA key but only hundreds for AES?
To read more click here: