Do you think to migrate to 2048-bit RSA key? Yes, the time has come to reinforce your online security and in this behalf, Symantec is going to apply 2048-bit root certificate from 1st October 2013. NIST (National Institute of Standard & Technology) and CA/B forum have already stated that after December 2013, all certificates having less than 2048-bit encryption will be revoked. In this behalf, Symantec is intended to upgrade its certificate from 1 Oct ber2013.
The main intention of revoking certificate is to take prevention against rising strength of computing power and technology and for the sake of customer’s interest, Symantec has decided to revoke all certificate.
According to Symantec authority, it will upgrade 2048-bit RSA of those client’s certificate whose certificate expiry date has come. When they are renewed, they will be provided latest 2048-bit key instead of 1024-bit key.
Why Should Apply 2048-bit?
Online threat is a growing concern for whole cyber world and to fight against this havoc, legitimate organization CA/B and NIST agency who always consider customer’s interest on priority have decided to amend the size of Root certificate considered as an essential part of SSL certificate. With this amendment, all SSL certificates will now have 2048-bit RSA/DSA key means a more powerful encryption shield over the web transactions.
What Could Be Worst Happen If Not Migrate To 2048-bit?
It is simple as Strong encryption leads to strong protection. If you do not change your RSA key to 2048-bit and continue with 1024-bit then you could have following troubles in your online business.
- Your customers/visitors will face security warnings in web browsers.
- Online transactions will have no security and remain vulnerable to fraud.
- Once your certificate is revoked, there will be no Trust Seal on your site, to whom your visitors trust a lot before deciding to purchase anything.
- Your site will face customer attrition and will influence your brand image.
- All of the above incidents could lead to business loss in future.
Precaution When You Move To 2048-bit:
Customers whose certificate is going to expire and want to renew or re-issue your certificate have to follow the procedure given below.
- Customers whose certificates are going to expire before 1 January 2014 have to renew their certificate with 2048-bit CSR. After generating CSR, Login to User portal and renew or reissue certificate.
- Customers whose certificates are going to expire after 1 January 2014 have to reissue their certificate that is Free of cost offered by many vendors and authorities and you will get the remaining time of the certificate with reissuance of certificate.
2048-bit Vs Decryption
Encryption size and decryption time always walks in opposite direction. If you see below graph, you can easily find that 4096-bit RSA key takes almost 1 second for decryption while 1024-bit RSA key takes only 25 milliseconds for data decryption.
Impact on Server:
The only thing to remember is your server must be compatible with 2048-bit as 2048-bit key consumes 4 times more CPU usage. It means there are short sessions that provide space for new SSL/TLS connections. Therefore, SSL/TLS handshakes will be compacted into shorter intervals, and on a busy server it may cause minor delay while connecting to the site due to increase in number of short sessions that needs more CPU usage.
Finally, if we consider this amendment positively especially for the sake of safety of online customers and enterprises, it is worth appreciate steps taken by CA/B forum and NIST that will boost online security as well provides a better shield against online frauds and threats.