Open huhndev opened 4 years ago
@prefiks: What do you think?
I really really want to see this on my server)
Increasing the RSA bit length to 4096 could significantly increase CPU usage, while the security gain is still limited.
Mozilla's recommendation is still 2048: https://wiki.mozilla.org/Security/Server_Side_TLS
Here is a quick benchmark run on an AWS t3.medium:
```
$ openssl speed rsa2048 rsa4096
Doing 2048 bits private rsa's for 10s: 14554 2048 bits private RSA's in 10.00s
Doing 2048 bits public rsa's for 10s: 472882 2048 bits public RSA's in 9.99s
Doing 4096 bits private rsa's for 10s: 2166 4096 bits private RSA's in 10.00s
Doing 4096 bits public rsa's for 10s: 139385 4096 bits public RSA's in 10.00s
OpenSSL 1.1.1n 15 Mar 2022
built on: Fri May 26 21:30:44 2023 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -ffile-prefix-map=/build/openssl-FSeIwm/openssl-1.1.1n=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000687s 0.000021s   1455.4  47335.5
rsa 4096 bits 0.004617s 0.000072s    216.6  13938.5
```
The load is understandable, and it should be left to the user's choice; maybe it's worth doing 3072 as a middle ground)
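To put the cost and the gain discussed above side by side, here is an added example (not part of the thread and not p1_acme code) that parses the summary rows of the quoted `openssl speed` run and prints them next to an estimated strength for 2048, 3072 and 4096 bit moduli. The strength figure is an assumption: it uses the general number field sieve cost heuristic with constants 1.923 and 4.69, and the thread contains no 3072 measurement, so that row has no timing.

```python
import math
import re

# Summary rows copied from the `openssl speed` output quoted in the thread.
BENCH = """\
rsa 2048 bits 0.000687s 0.000021s 1455.4 47335.5
rsa 4096 bits 0.004617s 0.000072s 216.6 13938.5
"""

ROW = re.compile(
    r"^rsa\s+(\d+)\s+bits\s+([\d.]+)s\s+([\d.]+)s\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_speed(text):
    """Return {modulus_bits: (sign_per_s, verify_per_s)} from summary rows."""
    rates = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rates[int(m.group(1))] = (float(m.group(4)), float(m.group(5)))
    return rates


def gnfs_strength_bits(modulus_bits):
    """Estimated symmetric-equivalent strength of an RSA modulus.

    Assumption: GNFS cost heuristic with constants 1.923 and 4.69.
    This is an estimate, not an exact security level.
    """
    x = modulus_bits * math.log(2)  # ln(n) for a modulus n of this size
    work = 1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69
    return work / math.log(2)


def compare(text, base=2048, sizes=(2048, 3072, 4096)):
    """Rows of (bits, estimated strength, signing slowdown vs base or None)."""
    rates = parse_speed(text)
    rows = []
    for bits in sizes:
        slowdown = rates[base][0] / rates[bits][0] if bits in rates else None
        rows.append((bits, round(gnfs_strength_bits(bits), 1), slowdown))
    return rows


if __name__ == "__main__":
    for bits, strength, slowdown in compare(BENCH):
        cost = f"{slowdown:.1f}x" if slowdown else "not measured in the thread"
        print(f"RSA-{bits}: ~{strength} bits estimated, signing cost {cost}")
```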
@jsautret: With OpenSSL 3.2.0 and 3.3.0, what is the benchmark?
Please raise the default RSA bitlength to 4096 to increase security and get better scores with tools like CryptCheck.
https://github.com/processone/p1_acme/blob/65914a9efe71c487cde901451ae987e00f2473ac/src/p1_acme.erl#L742