NOTE
Longer RSA keys are required to provide security as computing capabilities increase.
The recommended RSA key length is 2048 bits. Though many web servers continue to
use 1024-bit keys, web servers should migrate to at least 2048 bits. On 64-bit machines,
where the extra cost is affordable, consider using stronger keys. All CAs should use at least
2048-bit keys, and stronger keys (such as 3072 or 4096 bits) if possible.
As PKIs using RSA keys and certificates transition to other cryptographic systems like ECC, servers
should continue to support RSA. Certificate System supports using both RSA- and ECC-based
certificates in the same subsystem.
3.2.1. Supported Cipher Suites for RSA
Certificate System supports several different cipher suites with the RSA key exchange:
• AES and SHA-1 Message Authentication. Advanced Encryption Standard (AES) ciphers have a
fixed block size of 128 bits, and the keys can be either 128-bit or 256-bit. There are 3.4 x 10^38
possible 128-bit keys and 1.1 x 10^77 possible 256-bit keys. There are more possible keys than for
any other cipher, making AES the strongest cipher supported by SSL. These cipher suites are
FIPS-compliant.
• Triple DES and SHA-1 Message Authentication. Triple DES (Data Encryption Standard) is the
second-strongest cipher supported by SSL, but it is not as fast as RC4. Triple DES uses a key
three times as long as the key for standard DES (168 bits), so there are approximately
3.7 x 10^50 possible keys. This cipher suite is FIPS-compliant. Note that a meet-in-the-middle
attack reduces the effective strength of three-key Triple DES to about 112 bits, which is why it
is rated at the 112-bit security level rather than at 168.
• RC4 and RC2 and MD5 Message Authentication. The RC4 and RC2 ciphers use 128-bit keys,
which permits approximately 3.4 x 10^38 possible keys. This makes RC4 or RC2 keys very
difficult to crack by brute force. RC4 ciphers are faster than RC2 ciphers.
RC4 can use SHA-1 message authentication as well as MD5 message authentication.
Key-space size is only a lower bound on the cost of a brute-force attack, not a measure of overall
strength: RC4's keystream biases have since led to its prohibition in TLS (RFC 7465), and MD5
is no longer considered collision-resistant, so prefer the AES suites wherever clients support them.
• DES and SHA-1 Message Authentication. DES 56-bit encryption permits approximately
7.2 x 10^16 possible keys. This cipher suite is no longer FIPS-compliant because it is too weak
cryptographically.
3.2.2. Using ECC
Elliptic Curve Cryptography (ECC) is a cryptographic system that uses elliptic curves to create keys
for encrypting data. For a given level of security, ECC needs much shorter keys than RSA (compare
the table below), which makes key generation and private-key operations faster and more efficient
to implement. The drawback to using ECC is that it is not as widely supported as RSA.
The following table compares RSA and ECC key lengths that provide the same number of bits of
security:

Bits of Security    RSA Key Length    ECC Key Length
80                  1024              160-223
112                 2048              224-255
128                 3072              256-383
192                 7680              384-511
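The key-length table above lists equivalences without showing where the numbers come from. The following added example (written for this page, not code from Certificate System or Red Hat) estimates the bits of security of RSA, ECC and symmetric keys and applies a minimum-strength policy of the kind the NOTE at the top of this section calls for. The RSA estimate is the general-number-field-sieve formula from FIPS 140-2 Implementation Guidance 7.5, and rounding its output to the nearest standard strength level reproduces the table's RSA column; the ECC rule (half the group order's bit length) and the symmetric rule (the full key length) are the usual conventions. The 112-bit policy floor, the two-bit rounding tolerance, and the key inventory being audited are assumptions constructed for the example.

```python
"""Estimate the security strength of keys and enforce a minimum.

Added example for the key-length table in the Certificate System guide;
not part of the product. The RSA estimator is the FIPS 140-2 IG 7.5
formula; the policy threshold and tolerance below are assumptions.
"""
import math

# Standard NIST strength levels used by the key-length table.
STRENGTH_LEVELS = (80, 112, 128, 192, 256)
# Assumed tolerance: the GNFS formula returns ~110 for a 2048-bit modulus,
# which NIST classifies as the 112-bit level, so allow a 2-bit slack but
# never round up further than that.
LEVEL_TOLERANCE = 2


def rsa_security_bits(modulus_bits: int) -> float:
    """Unrounded security of an RSA modulus against the general number
    field sieve (FIPS 140-2 IG 7.5): (1.923*cbrt(n)*ln(n)^(2/3) - 4.69)/ln 2
    with n = modulus_bits * ln 2, i.e. ln(N) for an N of that bit length."""
    if modulus_bits < 512:
        raise ValueError("modulus too small for the GNFS estimate to be meaningful")
    n = modulus_bits * math.log(2)
    x = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return x / math.log(2)


def ecc_security_bits(order_bits: int) -> float:
    """Best generic attack on a prime-order curve group (Pollard rho)
    costs about sqrt(order), i.e. half the order's bit length."""
    return order_bits / 2


def symmetric_security_bits(key_bits: int) -> float:
    """Brute force is the only generic attack: strength equals key length."""
    return float(key_bits)


_ESTIMATORS = {
    "rsa": rsa_security_bits,
    "ecc": ecc_security_bits,
    "symmetric": symmetric_security_bits,
}


def security_level(algorithm: str, key_bits: int) -> int:
    """Map a key to the highest standard level it reaches (80/112/128/192/256).

    Rounds down (within LEVEL_TOLERANCE) so a policy check never credits
    a key with strength it does not have. Keys below the 80-bit level are
    reported as their raw estimate instead of being rounded up."""
    raw = _ESTIMATORS[algorithm.lower()](key_bits)
    reached = [level for level in STRENGTH_LEVELS if level <= raw + LEVEL_TOLERANCE]
    return max(reached) if reached else int(math.floor(raw))


def meets_policy(algorithm: str, key_bits: int, minimum: int = 112) -> bool:
    """Assumed policy: at least 112 bits, which rejects 1024-bit RSA and
    160-bit curves (about 80 bits) while accepting 2048-bit RSA and P-224."""
    return security_level(algorithm, key_bits) >= minimum


def audit(keys, minimum: int = 112):
    """Return (label, level, passes) for each (label, algorithm, bits) entry."""
    report = []
    for label, algorithm, bits in keys:
        level = security_level(algorithm, bits)
        report.append((label, level, level >= minimum))
    return report


if __name__ == "__main__":
    # Constructed inventory for the demo; these are key sizes, not real keys.
    inventory = [
        ("legacy web server", "rsa", 1024),
        ("web server", "rsa", 2048),
        ("root CA", "rsa", 4096),
        ("ECC web server", "ecc", 256),
        ("AES session key", "symmetric", 128),
        ("DES session key", "symmetric", 56),
    ]
    for label, level, ok in audit(inventory):
        print(f"{label:20s} ~{level:3d} bits  {'OK' if ok else 'TOO WEAK'}")
```

Running the block prints one line per inventory entry; the 1024-bit RSA and DES entries are flagged as too weak, the rest pass. The estimator is deliberately rounded down rather than to the nearest level: a 4096-bit modulus, for instance, comes out near 150 bits and is credited with the 128-bit level, not 192, which is the conservative reading a policy check should take.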