
> a) can we come up with a better solution than downgrading everything

To be clear -- this moves everything from 512-bit DH (broken) to 2048-bit DH (OK for now).  Because of the DH parameter selection, the session key has 127 bits of security currently and remains at 127 bits.  If we drop support for RHEL7 (e.g., LHC Run2), we get the session key back to 128 bits of security.

The difference between 127 and 128 for the session key is pretty minimal (it's something like the difference between being broken in 250 billion years and 500 billion years).  The difference between 512-bit DH and 2048-bit DH is a huge step forward: it's the difference between "broken in the 90's" and "considered secure for now".

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/2026#issuecomment-1578925061