dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
992
share rss forum feed

avze

join:2013-08-19

Gmail to offer RSA 2048-bit SSL

Will this improve the security even after logging on to Gmail?
»nakedsecurity.sophos.com/2013/05···y-sizes/


dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
kudos:5

2 recommendations

Security from what? Maybe from hackers however considering the Gmail TOS I don't think much security will be coming from that area.


jack b
Gone Fishing
Premium,MVM
join:2000-09-08
Cape Cod
kudos:1

1 recommendation

reply to avze
The government already has access to all your data, so, in the words of a former secretary of state:
" what difference does it make?"
--
~Help Find a Cure for Cancer~
~Proud Member of Team Discovery ~


NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1

1 recommendation


The difference it makes is 2048 - 1024 = 1024.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to avze
quote:
But RSA encryption is a public/private key cipher, meaning you have one key to lock and another key to unlock.
...and guess who has access to those keys besides the user?

Dun Dun Dun...

Regards


NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1

3 edits
Well, everyone has access to the public key.

The certificate owner (and anyone they give it to, either willingly or under duress) has access to the private key. In short, probably the same people who have access to the current (soon to be previous) 1024 bit private key.

Right now I'm thinking that you don't know the answer nor how the keys work, so asking for guesses to your insinuating rhetorical question rather than providing your own hypothesis.

--
Be a Good Netizen - Read, Know & Complain About Overly Restrictive Tyrannical ISP ToS & AUP »comcast.net/terms/ »verizon.net/policies/
Say Thanks with a Tool Points Donation

evoxllx

join:2007-06-07
Winter Park, FL
reply to avze
Even if someone got ahold of Google's private key, the most they could do with it is MITM others. Google supports forward secrecy for every major browser, so the private key can't be used to retroactively decrypt any past traffic.

They currently use ECDHE with the P-256 curve, so their RSA equivalent is around 3072-bits of security.

HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to NOYB
@ NOYB See Profile
I do have some knowledge how public / private keys work, tho I usually have to reach for a bottle of aspirin
everytime I have to read an article on it.

The fact of the matter is... and I think it's been mentioned several times in this forum... I trust any commercial
and any governmental agency about as far as I can kick em to actually keep that private [insert here] as what it should
be kept as... PRIVATE.

Next time I'll notate that with "[/cynicism]" to clarify better...

Regards


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to dandelion

 

Not at all.... This has to be a joke!!