[Ach] macosx and certificates > 4096bit

ianG iang at iang.org
Thu Apr 17 12:50:59 CEST 2014


On 17/04/2014 11:28 am, Hanno Böck wrote:
> On Thu, 17 Apr 2014 11:22:36 +0100
> ianG <iang at iang.org> wrote:
> 
>> Is that the reason?  Or is that the reason they tell us?
> 
> Well, it's what they (nss devs) told me when I asked, but I had no
> reason to doubt it.


:) Ask them if they've got any experience of this.  And if not, where
did the thought arise...  They won't be able to answer.


> But it seemed plausible to me. I actually ran some tests after that
> and basically, 4096 has a notable performance impact but is what you
> still can reasonably use, 8192 becomes slow as hell.


The 4096 limit has been around for a long, long time; even in the 1990s a
lot of software stopped at that number for mysterious reasons.

If you think in strategic terms, let's say we're the MiB.  If we can
push that idea through all the projects, that means at some point our
arms race overtakes Moore's law and we can crunch it [0].  Nice bounty
to have ... meanwhile, let's store all the messages for that day.

Notice, nobody's seen fit to update the number in the face of Moore's
law improvements.  When I was doing 4096 PGP back in the 1990s it would
take a minute to do an email.  These days I won't notice.  NIST is
happily pushing all CAs to do maximum 4096.

tormenta$ openssl speed rsa...
Doing 4096 bit private rsa's for 10s: 230 4096 bit private RSA's in 10.02s
Doing 4096 bit public rsa's for 10s: 16608 4096 bit public RSA's in 9.99s
OpenSSL 0.9.8y 5 Feb 2013


This tells me that we're in the domain of cryptographic numerology --
the herd has found a number and has stuck to it;  for no logic that
isn't any more valid than the planets and the stars.



iang


[0] insert in here notion that we push everyone across to EC using
standardised curves as well...


