28 Jul
2011
28 Jul
'11
2:17 p.m.
Michael Ströder wrote:
Howard Chu wrote:
Nobody should be using T.61 any more, they should be using UTF-8.
That's right indeed. But think of ancient root CA certs with a long validity period to be stored in a LDAP server.
Yes, a frightening thought. A cert that old was probably generated using a keypair that is small enough to be easily cracked on a modern computer.
768-bit RSA keys were successfully brute-forced over a year ago. http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-sa...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/