On Thu, Sep 29, 2022 at 10:36:55AM +0200, Cyborg via Exim-users wrote:
> There is a BSI ( the german cybersecurity agency ) guideline for
> german corps and gov entities, which states, that 2048 bit RSA keys,
> for any purpose, should not be used anymore in 2022.
The BSI stance is unreasonable for almost all users and threat models.
Perhaps there are some sensitive military or diplomatic applications in
which RSA is used in key transport mode, and where it is anticipated
that classical brute-force attacks with 2^112 cost (~10^12 times the
cost of the largest scale attacks demonstrated to date) are somehow
possible and economically justified, and 2^128 saves the day.
> Can you state, why you think, that this 2048 bit key is only used for
> authentication, rather than for TLS encryption? I think, it is used, as
> it's presented on port 25.
Other than with outdated RSA key transport, almost all TLS clients
prefer DHE or ECDHE, where RSA just signs (authenticates) the key
exchange, rather than encrypts or decrypts the key.
Clients old enough to not support DHE or ECDHE generally have more
severe problems than vulnerability to 2^112 attacks.
--
Viktor.
