top | item 44078123

(no title)

arkadiyt | 9 months ago

> Make an RSA key of 4096 bits. Call it your personal key.

This is bad advice - making a 4096 bit key slows down visitors of your website and only gives you 2048 bits of security (if someone can break a 2048 bit RSA key they'll break the LetsEncrypt intermediate cert and can MITM your site). You should use a 2048 bit leaf certificate here

discuss

Arnavion|9 months ago

My webhost only supports RSA keys, so I use an RSA-4096 key just to annoy them into supporting EC keys.

asimops|9 months ago

The key in question is the acme account key though, correct?

nothrabannosir|9 months ago

Amateur question: does a 4096 not give you more security against passive capture and future decrypting? Or is the intermediate also a factor in such an async attack?

arkadiyt|9 months ago

> does a 4096 not give you more security against passive capture and future decrypting?

If the server was using a key exchange that did not support forward secrecy then yes. But:

    % echo | openssl s_client -connect rachelbythebay.com:443 2>/dev/null | grep Cipher
    New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

^ they're using ECDHE (elliptic curve diffie hellman), which is providing forward secrecy.

upofadown|9 months ago

The certificate is for authentication of the server. It has nothing to do with the encryption of the data.

Basically forward secrecy is where both the sender and receiver throw away the key after the data is decrypted. That way the key is not available for an attacker to get access to later. If the attacker can find some way other than access to the key to decrypt the data then forward secrecy has no benefit.