From: Tomas G. <to...@pr...> - 2004-06-06 19:03:56
It might have something to do with the crypto-package we're using, BouncyCastle. I'll forward the message to their mailing list to get an answer. 4096 bits should take quite a bit longer than 2048. How long does it take for OpenSSL?

Cheers,
Tomas

Ken Gunderson wrote:
> fwiw-- I did some more testing with 4096 bit keys on a 2.8GHz Xeon
> machine with a couple gigs of RAM. Results as follows:
>
> 1) Still cannot create 4096 bit keys using command line scripts.
>
> 2) Able to create 4096 bit root keys from admin gui, but takes an
> inordinately loooooong time. Several minutes.
>
> 3) Able to create 4096 bit sub ca's signed by #2 above, but again, takes
> several minutes. Top shows CPU pegged at 100%, all going to Java...
>
> 4) Able to create 4096 bit end user certs signed by #3 above.
>
>
> On PIII700MHz box w/1 GB ram
>
> 1) same as above
>
> 2) same as above
>
> 3) Timeout exception
>
> 4) Timeout exception
>
> It's odd that Java needs to struggle so to create 4096 bit keys when
> OpenSSL can handle them with ease, even on legacy hardware (I
> resurrected an old old P5 90MHz box with only 64 MB ram). So from above
> it must be somehow related to raw horsepower, but 2.8GHz Xeon is a hell
> of a lot of muscle to be pegged at 100% for minutes. Might Java be
> having troubles collecting sufficient randomness??