Tuesday, 28 May 2013

Are You Still Using 1024 Bit Key Encryption?

With the growing complexities of the internet, digital certificates generated with 1024 bit key encryptions are no longer advisable. While they proved to be unbreakable for the past few decades, with the advances in technology, Generation X now has the ability of decrypting these chains allowing a successful Man in the Middle attack resulting to unauthorized access to personally identifiable information.

Understanding this curve of development in algorithms, the National Institute of Standards and Technology (NIST) has recommended all CAs to use 2048 bit key lengths on all issued digital certificate starting November 2010.

As a certificate authority valuing customers and industry innovation most, GlobalSign has been religiously complying with NIST guidelines and recommendations (in advisories 800-57 and 800-131) and Microsoft’s mandatory requirements of Microsoft’s Root Certificate Program (Technical Requirement Point 11). All of the issued digital certificates from the GlobalSign comprehensive product line from December of 2010 have 2048 bit key encryptions giving customers double protection from possible breach of their data. 

What happens?

All individuals and organizations requesting and/or renewing SSL certificates from GlobalSign will have to specify a 2048 bit key encryption length on their Certificate Signing Requests (CSR) from November 29, 2010 onward. The system shall not process CSRs with a 1024 or lower key lengths.

If are currently using a 1024 bit key length on your SSL’s CSR and would like to renew under GlobalSign, you would have to create another CSR with 2048 bit key encryption. In the event that you do not have the technical expertise to do this, you may email our support team at support-asia@globalsign.com or you can use GlobalSign’s AutoCSR function* alternatively.

*AutoCSR may only be used for DV and OV SSL orders. For EV SSL, client needs to manually generate their Certificate Signing Requests. 

Check your Certificate’s Encryption Strength

Enter your website’s URL on https://sslcheck.globalsign.com/

 After the analysis is done, please click on more details.

Afterwards, click on Certificate Details. To know the encryption strength, refer to the details under Public Key.