Michael Ströder wrote:
Howard Chu wrote:
Nobody should be using T.61 any more, they should be using UTF-8.
That's right indeed. But think of ancient root CA certs with a long validity
period to be stored in a LDAP server.
Yes, a frightening thought. A cert that old was probably generated using a
keypair that is small enough to be easily cracked on a modern computer.
768-bit RSA keys were successfully brute-forced over a year ago.
http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now.ars
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
