interledger-deprecated / five-bells-shared

Common elements that are shared between Five Bells components

Use 2048bit RSA keys for JCS test #118

Closed alandotcom closed 8 years ago

alandotcom commented 8 years ago

~100ms vs. ~500ms to sign with a 4096bit key

  jsonSigningTests
    jsonSigning
      ✓ should sign JSON object successfully (66ms)
    jsonSignAndVerify
      ✓ should sign and verify JSON object successfully (96ms)
    jsonInvalidSignature
      ✓ should catch invalid JSON signature
    jsonInvalidPublicKey
      ✓ should catch invalid public key in signed JSON
    jsonRSASigning
      ✓ should sign JSON object with RSA successfully (93ms)
    jsonRSASignAndVerify
      ✓ should sign and verify JSON object with RSA successfully (92ms)
    jsonRSAInvalidSignature
      ✓ should catch invalid JSON signature with RSA (75ms)
    jsonRSAInvalidPublicKey
      ✓ should catch invalid RSA public key in signed JSON (76ms)

  8 passing (573ms)

MatthewPhinney commented 8 years ago

What's the motivation for this? Speeding up the tests?

alandotcom commented 8 years ago

Yes, and also we'll be using 2048bit RSA keys for notification signing for now

naoitoi commented 8 years ago

Quick Googling netted several good sources saying 2048 bit RSA key is secure enough, for now:

http://www.emc.com/emc-plus/rsa-labs/historical/has-the-rsa-algorithm-been-compromised.htm
https://www.yubico.com/2015/02/big-debate-2048-4096-yubicos-stand/

So it's fine to use 2048 bit key for testing. LGTM

However, in production, customers may require 4096 bit keys, so we still should find a faster alternative to jsrsasign.

alandotcom commented 8 years ago

There is a ticket to track that. I copied you on it

On Tue, Mar 22, 2016 at 1:07 PM, naoitoi notifications@github.com wrote:

Quick Googling netted several good sources saying 2048 bit RSA key is secure enough, for now:

http://www.emc.com/emc-plus/rsa-labs/historical/has-the-rsa-algorithm-been-compromised.htm
https://www.yubico.com/2015/02/big-debate-2048-4096-yubicos-stand/

So it's fine to use 2048 bit key for testing. LGTM

However, in production, customers may require 4096 bit keys, so we still should find a faster alternative to jsrsasign.
