I only know some basics about SSL, symmetric keys and asymmetric keys, and
I'd greatly appreciate anyone who can shed some light on this question!

My understanding (and feel free to correct anything below here!) is that SSL
transactions between a web browser and a web server involve first a
handshake, then the actual data transmission. The handshake is handled by a
public/private key pair, then switches over to the symmetric key (256-bit
AES, 162-bit 3DES, or whatever) for the bulk of the data transmission.

Now, it seems from what I've read that 128-bit symmetric keys are still
considered secure given the current state of computing power, and may stay
that way for a long time. But for asymmetric keys, 1024 bits is considered
by at least some to be getting into the realms of being feasibly crackable.
Longer keys (2048 bit, 3072 bit) are recommended for data that needs to be
protected for years to come.

Now here's where my understanding gets murkier. I can understand what
Firefox tells me when I double-click the "lock" icon on an SSL website and
see that it's offering "High Grade Encryption (RC4 128 bit)" or "(AES 256
bit)". But what about the public/private key pair that's used to do the
handshaking? Sites like Verisign still recommend that OpenSSL users use a
command similar to this:

>openssl genrsa -des3 -rand file1:file2:...:file5 -out
>www.virtualhost.com.key 1024


and old documentation for Apache's mod_ssl seem to indicate that 2048-bit
keys aren't (or at least weren't) even supported.
(http://www.modssl.org/docs/2.8/ssl_faq.html#ToC34)

In fact, when I use MSIE to go to big-name sites (Chase Bank, Citi Bank,
RBC Centura), double-click the lock icon, look at the "Details" tab, I
invariably see "Public key: RSA (1024 bits).

So, my questions are:

1) Why isn't everyone using stronger public/private key pairs? Nobody who
seems to offer SSL certs (Verisign, Thawte, GoDaddy, Comodo) tells their
customers to generate 2048-bit keys with OpenSSL. Obviously they're not
worried - why not?

2) Related to that, should I be worried that I'm generating a public/private
keypair for my Apache2/mod_ssl server that's only 1024-bits? Do I even have
the OPTION of having a larger/stronger key, or am I going to hit some weird
compatibility problems with modern-day browsers?

Thanks to anyone who can help set me straight!


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org