DigiCert Reaffirms Trusted Keys Enabled With 2048-Bit Encryption

Recent attacks on MD5 algorithms and domain-only validated SSL certificates highlight the need for trusted certificates, according to the company

May 6, 2009

3 Min Read


LINDON, Utah, May 5 /PRNewswire/ -- A recent report from the U.S. National Institute of Standards and Technology (NIST)--Special Publication 800-57 Part 3--reiterated NIST's position against the long-term viability of the common 1024-bit RSA private keys, rendering them essentially obsolete after 2010. In NIST Special Publication 800-57 Part 1 issued May 2006, NIST recommended that after 2010 only the algorithms and key sizes specified, e.g., 2048-bit RSA, "should be used to provide the cryptographic protection." This was recently affirmed late last year in Part 3 of Special Publication 800-57--"public key sizes shall be consistent with [Part 1]. Clients shall not accept any certificate signed with a key smaller than the approved key size for the date of certificate verification by the client. This is generally accomplished through control of the root certificate key-store."

Microsoft has already pledged its support for the measure, promising to remove 1024-bit roots from its root certificate key-store as of January 1, 2011 - a challenge to some certificate authorities whose older trusted roots would immediately be considered untrusted and subject to browser warning messages. The ensuing fallout will likely see fearful site users dropping off web pages, resulting in potentially catastrophic losses for sites dependent on e-commerce or conversions.

Fortunately, for customers of DigiCert, Inc., a trusted provider of enterprise-class high-assurance SSL certificates, the warnings are moot. According to Travis Tidball, director of customer relations at DigiCert, the company's trusted roots are, and always have been, enabled with 2048-bit keys.

"DigiCert customers can rest assured that their certificates are future-proofed," Tidball said. "While it's unlikely that 1024-bit roots could be compromised even by 2010, DigiCert is committed to the future reliability of our SSL certificates and validation services. We are pleased to offer the most secure and affordable protection to our customers."

Recent attacks on MD5 algorithms and domain-only validated SSL certificates highlight the need for certificate authorities to employ the most responsible methods available to ensure their client's certificates are strong and trusted.

"Providing a reliable and trusted SSL certificate is a reputation business - it's up to certificate authorities to take the high road and offer the utmost in security, reliability and value for their customers," Tidball said. "For us, this means staying ahead of the standard, with the highest level of encryption possible at a fair and reasonable price point. When shopping for certificates, customers should consider both reliability and value."

DigiCert provides SSL certificates in a variety of options to deliver the strongest encryption available for each customer's specific needs, including WildCard SSL certificates to secure multiple sub-domains, Unified Communications Certificates (also known as Subject Alternate Name "SAN" certificates) for multiple domains, Extended Validation Certificates (EV SSL) for even stronger identity assurance and the hallmark green address bar, as well as standard Single-Name Certificates. For those who are unsure of the best option to meet their needs, the DigiCert SSL Certificate Chooser can help customers make the best choice for both coverage and value.

DigiCert offers a 30-day trial period for all SSL certificate products and provides a full 100% money-back guarantee. All products are backed by DigiCert's industry-leading personalized support service, including step-by-step certificate setup, installation and ongoing support. DigiCert is a WebTrust Certified Certificate Authority, a member of the CA/Browser Forum, Online Trust Alliance, and the W3C Consortium.

For more information, visit www.digicert.com.

About DigiCert, Inc.

DigiCert, Inc. is a leading provider of enterprise-grade, high-assurance, 256-bit SSL Certificates trusted by many national and state governments, educational and medical institutions, and Fortune 500 companies around the world. DigiCert's commitment to innovation and value provides clients with peace of mind backed by a 100% money-back guarantee and live 24-hour phone, chat and email support, along with intuitive GUI certificate management. Located inLindon,Utah, DigiCert is a WebTrust Certified Certificate Authority, a member of the CA/Browser Forum and the W3C Consortium. For more information, visitwww.digicert.comor call 1-800-896-7973.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights