堆栈内存溢出
  简体   繁体   English

为SSH生成SSL密钥对时,可以使用的最大位数(-b)是多少?

[英]When generating an SSL key pair for SSH what is the largest number of bits (-b) you can use?

 原文  2016-10-05 14:48:10       ssl/ encryption/ ssh

问题描述

I have recently done some work to upgrade to the SSL keys for some webservices we consume. 我最近完成了一些工作,以升级到我们使用的某些Web服务的SSL密钥。 I did not initiate the work but its was to go from 1024 to 2048 bits. 我没有启动这项工作,但是将其从1024位扩展到2048位。

When generating ssh keys I can specify the bit level(rate/depth?) with ssh-keygen -b 2048. But what are the benefits/deficits of a higher bit value? 生成ssh密钥时,我可以使用ssh-keygen -b 2048指定位级别(速率/深度?)。但是,更高的位值有什么好处/不足呢? Are there any technical limits? 有技术上的限制吗?

why are we not all generating ssl keys with a bit depth of 1 billion? 为什么我们不都生成位深度为10亿的ssl密钥?

1 个解决方案

解决方案1
 1 已采纳  2016-10-05 15:02:48

I'm going to assume the keys are RSA since 2048 is a common size for RSA (but non-existent for ECDSA or EdDSA). 我将假定密钥是RSA,因为2048是RSA的常用大小(但ECDSA或EdDSA不存在)。

But what are the benefits/deficits of a higher bit value? 但是更高的比特值有什么好处/不足呢?

The benefits are the "strength" of the key, to put it simply. 简而言之,好处就是关键的“强度”。 Larger keys take longer to "crack". 较大的键需要更长的时间才能“破解”。 More specifically, in RSA, breaking a key requires factoring a very large number. 更具体地说,在RSA中,破解密钥需要分解非常大的数字。 The larger the number is, the harder it is to factor. 数字越大,考虑因素就越困难。 This the the extent of what we know about factoring numbers, which is that it cannot be done in polynomial time using technology that is readily available. 这就是我们所知道的因数分解的程度,即它不能使用容易获得的技术在多项式时间内完成。

Larger keys can perform slower, and require more memory to use. 较大的键执行速度可能较慢,并且需要更多的内存才能使用。 However, 2048 is considered the lowest "safe" size for RSA. 但是,2048被认为是RSA的最低“安全”大小。

Are there any technical limits? 有技术上的限制吗?

It depends on what is using a key. 这取决于使用什么键。 Speaking from experience, keys bigger than 4096 start running in to software problems because the key is too large. 从经验上来讲,大于4096的密钥会因为密钥太大而开始出现软件问题。

why are we not all generating ssl keys with a bit depth of 1 billion? 为什么我们不都生成位深度为10亿的ssl密钥?

Well a 100 MB-ish key would take a lot of memory to use. 那么,一个100 MB大小的密钥将占用大量内存。 Secondly, RSA keys are not completely random numbers. 其次,RSA密钥不是完全随机数。 They are made up of two prime numbers, p & q, which produce n, the modulus. 它们由两个质数p&q组成,它们产生模数n。 Generating primes this large is quite a difficult task. 生成如此大的素数是一项艰巨的任务。

Finally, there is little security benefit once you go beyond a certain key size. 最后,一旦超出一定的密钥大小,安全性几乎没有好处。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带2对公钥/私钥的SSL - SSL with 2 pair Public/Private Key 生成并提交 csr 后,我可以删除 ssl 密钥上的密码吗? - Can I remove the passcode on a ssl key after generating and submitting the csr? 您可以对Lagom中的Websocket使用SSL / TLS吗? - Can you use SSL/TLS for Websockets in Lagom? 什么时候将mysqli与ssl(ssl_set)一起使用 - When would you use mysqli with ssl (ssl_set) html keygen 替代,在浏览器中生成密钥对 - html keygen alternative, generating key pair in browser SSL 对等证书或 SSH 远程密钥不正确 - SSL peer certificate or SSH remote key was not OK SSL证书-根证书中私钥的用途是什么? - SSL Certificate - What is the use of the private key in a root certificate? 我的 SSL 证书应该使用什么 RSA 密钥长度? - What RSA key length should I use for my SSL certificates? 如何在 Spring-Boot 中使用 SSL 证书并为 Android 客户端生成公钥 - How to use SSL certificate in Spring-Boot and generating Public-key for android clients 在1and1上设置免费的GeoTrust SSL证书会怎样? - What happens when you setup the free GeoTrust SSL certificate on 1and1?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM