search

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0
2.85k stars 191 forks source link

Updated both ECC 256-bit and 384-bit index.html to include RSA equivalents #261

Closed prefixtitle closed 7 years ago

lgarron commented 7 years ago

I don't really like comparing RSA bit-strengths like that. :-/

Also, the page is about ECC, not RSA. It might be more appropriate to try to explain bit strength on an RSA page by stating "equivalent to X bits of semantic security under current known attacks", but even that is something that I don't think is badssl.com's job to judge or explain.

@marumari, do you feel any differently?

april commented 7 years ago

I know that SSL Labs and others do this, simply because some people get confused about the differences. But I personally have no strong feelings about it and I don't think it's really necessary for badssl.

On Mar 2, 2017, at 11:30 PM, Lucas Garron notifications@github.com wrote:

I don't really like comparing RSA bit-strengths like that. :-/

Also, the page is about ECC, not RSA. It might be more appropriate on an RSA page stating "equivalent to X bits of semantic security under current known attacks", but even that is something that I don't think is badssl.com's job to judge or explain.

@marumari https://github.com/marumari, do you feel any differently?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/chromium/badssl.com/pull/261#issuecomment-283869548, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOEgOnmVO6De4cleJFc7kGVuRr4Bro6ks5rh6WSgaJpZM4MRsFb .

prefixtitle commented 7 years ago

If there isn't any objections, I will close this PR for now.

lgarron commented 7 years ago

Yeah, let's. Thanks for the suggestion, though. :-)