Quoting Phil Daws <uxbod(a)splatnix.net>:
> Hello all,
> looking for a bit of advice as searches have not really reaped much.
> When we set up Djigzo's CA what would be the most client
> inter-operable settings to use; 2048 bits with SHA512? I have been
> led to believe that there have been issues on BlackBerrys, quite
> some time ago, when using 4096 bits and SHA512.

- You should not create/issue certificates with less than 1024 bits RSA
anymore; 2048 should be sufficient for the next 10 years
(https://wiki.mozilla.org/CA:MD5and1024)
- SHA-2 had somewhat more issues, especially on older Windows versions
still widely used
(http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx).
Windows should be fixed today by this security update, which bumps up
the crypt32.dll, though:
http://support.microsoft.com/kb/2641690/en

So using 2048RSA/256SHA-2 should be safe enough and, at least for e-mail,
understood by most clients today.
Regards
Andreas
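
The following is an added example, not part of the message above and not Djigzo's own CA code: it uses the stock `openssl` command line to create a throwaway CA with the 2048-bit RSA / SHA-256 settings recommended in the reply and to check which key size and signature digest an existing certificate actually carries. The function names, file names and the subject `Example Test CA` are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: stock openssl CLI, not Djigzo's built-in CA.

# Create a throwaway self-signed CA (constructed sample subject) with the
# settings recommended in the reply: 2048-bit RSA key, SHA-256 signature.
make_test_ca() {   # usage: make_test_ca OUTDIR [BITS] [DIGEST]
    local dir="$1" bits="${2:-2048}" digest="${3:-sha256}"
    openssl req -x509 -newkey "rsa:${bits}" "-${digest}" -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "${dir}/ca.key" -out "${dir}/ca.pem" 2>/dev/null
}

# Print "<key bits> <signature algorithm>" for a PEM certificate.
cert_params() {
    local text bits sig
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    printf '%s %s\n' "$bits" "$sig"
}

# Compare parameters with the 2048-bit RSA / SHA-256 baseline.
# Only RSA with MD5, SHA-1 or SHA-256/384/512 is judged; the rest is "unchecked".
classify_params() {   # usage: classify_params BITS SIGALG
    case "$2" in
        md5With*|sha1With*) echo "weak-digest"; return 1 ;;
        sha256WithRSA*|sha384WithRSA*|sha512WithRSA*) ;;
        *) echo "unchecked"; return 1 ;;
    esac
    if [ "${1:-0}" -lt 2048 ]; then echo "weak-key"; return 1; fi
    echo "ok"
}

# Print "<bits> <sigalg> <verdict>" for one certificate file.
audit_cert() {
    local params
    params=$(cert_params "$1") || return 2
    # $params is left unquoted on purpose so it splits into BITS and SIGALG.
    echo "$params $(classify_params $params)"
}
```

After sourcing the file, `audit_cert ca.pem` can be run against any PEM-encoded CA or end-user certificate to confirm what it was issued with before rolling it out to clients.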