Menu
▾
▴
[Ejbca-develop] More on 4096 bit keys
|
From: Ken G. <kgu...@te...> - 2004-06-06 18:58:13
|
fwiw-- I did some more testing with 4096 bit keys on a 2.8GHz Xeon=20 macine with a couple gigs of RAM. Results as follows: 1) Still cannot create 4096 bit keys using command line scripts. 2) Able to create 4096 bit root keys from admin gui, but takes an=20 inordinately loooooong time. Several minutes. 3) Able to create 4096 bit sub ca's signed by #2 above, but again, takes=20 a several minutes. Top shows CPU pegged at 100%, all going to Java... 4) Able to create 4096 bit end user certs signed by #3 above. On PIII700MHz box w/1 GB ram 1) same as above 2) same as above 3) Timeout exception 4) Timeout exception It's odd that Java needs to struggle so to create 4096 bit keys when=20 OpenSSL can handle them with ease, even on legaccy hardware (I=20 resurected an old old P5 90MHz box with only 64 MB ram). SO from above=20 it must be somehow related to raw horsepower, but 2.8GHz Xeon is a hell=20 of a lot of muscle to be pegged at 100% for minutes. Might Java be=20 having troubles collecting sufficient randomness?? =20 --=20 Best regards, Ken Gunderson GPG Key-- 9F5179FD "Freedom begins between the ears." -- Edward Abbey |
