Strengthening RSA default minimum to 2048 bits

wolfSSL helps make the internet secure. Part of this task is continually updating our default settings to keep up with adversarial advancements. A recent article detailed the use of default RSA key sizes by an IoT manufacturer, which resulted in a 512 bit key being used for authentication. “The factoring required $70 in cloud computing costs and less than 24 hours.”

Since wolfSSL also had the default minimum set to 512 bits, we decided to update the default minimum to 2048 bits. The decision to use 2048 bit for the minimum was based on NIST recommendations and security industry best practices. This affects key generation using wc_MakeRsaKey. Testing infrastructure was also updated to be sure the smaller key sizes are still being covered by CI tests. The default RSA key size minimum can be overridden in the configuration using the RSA_MIN_SIZE macro.

For more information about using RSA in wolfSSL or have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now