Goodbye to RSA Keys … Finally!

I will start off by saying PKI (Public Key Infrastructure) is flawed, but is the core of security on the Internet. But it is in for a bit of a change over the next few years.

Many organisations are worried about large-scale trust breaches, and where the private keys of companies could be leaked, and cause a large-scale loss of trust on the Internet. Basically, it is the Number 1 serious threat for most medium to large size companies, and would cost large companies 100s of millions of dollars to fix.

And so we have all blindly renewed our digital certificates with 2,048 bit keys, and have been told that 512-bit and 1,024 bit keys are insecure (with some companies performing an en-masse change over). TLS 1.3, too, has kicked RSA off the TLS standard, and will not support the encryption of the session key from the client to be sent back to the server using the public key of the server.

Why? Because a single breach of the private key of the server will allow all the keys to be broken, for virtually every session. The way forward is elliptic curve methods, and it is build into Tor, your bank card, Wi-fi, Blockchain, cryptocurrency wallets, and is the method of choice in IoT security.

Elliptic curve methods have much smaller encryption keys than RSA, and have a considerably lesser overhead in terms of processing, memory…