

Why do Google and Facebook still use 1024-bit SSL certificates? - Flam

I'm just wondering since people seem to say it's worthless now.
======
rprime
I assume one reason would be that some browsers have difficulties handling
more than 1024. This is not limited to browsers; HTTP servers also suffer
from this (for example, IIS <= 6 can only handle 128).

On the other hand, increasing the key length on certificates will slow down the
initial key exchange process (sometimes significantly once you get beyond 2048
bit) but have no effect on the strength of the encryption used during the
actual session.

Key length is not necessarily proportional to security. A massive key on a
crap cipher is still weak encryption. Of course, though, an unreasonably short
key on a brilliant cipher can still be brute-forced.
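
The handshake cost described in the comment above, measured as an added example (not part of the original thread): it times the modular exponentiation behind an RSA private-key operation and a public-key operation at 1024, 2048 and 4096 bits. The function names are hypothetical, the moduli and exponents are constructed random values of the right size rather than real keys, and the timing skips the CRT optimisation that real TLS libraries use, so the absolute numbers are only indicative.

```python
import random
import time

E_PUBLIC = 65537  # the usual RSA public exponent


def constructed_operands(bits, rng):
    """Constructed stand-ins for an RSA modulus, private exponent and message.

    Not a real key pair: only the operand sizes matter for the timing.
    """
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, exactly `bits` long
    d = rng.getrandbits(bits - 1) | (1 << (bits - 2))  # full-size exponent
    m = rng.getrandbits(bits - 2)                      # message smaller than n
    return n, d, m


def time_modexp(base, exp, mod, repeats):
    """Best-of-`repeats` wall time in seconds for pow(base, exp, mod)."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pow(base, exp, mod)
        best = min(best, time.perf_counter() - start)
    return best


def measure(sizes=(1024, 2048, 4096), repeats=5, seed=0):
    """Return {bits: {"private_s": ..., "public_s": ...}} for each key size."""
    rng = random.Random(seed)  # fixed seed so the operands are reproducible
    results = {}
    for bits in sizes:
        n, d, m = constructed_operands(bits, rng)
        results[bits] = {
            # server side of an RSA key exchange: exponent as long as the modulus
            "private_s": time_modexp(m, d, n, repeats),
            # client side: short fixed exponent, so it stays cheap
            "public_s": time_modexp(m, E_PUBLIC, n, repeats),
        }
    return results


if __name__ == "__main__":
    res = measure()
    base = res[1024]["private_s"]
    for bits, r in res.items():
        print(f"{bits:>4}-bit  private {r['private_s'] * 1e3:8.3f} ms "
              f"({r['private_s'] / base:5.1f}x)  public {r['public_s'] * 1e6:8.1f} us")
```

The private-key column grows several-fold with each doubling of the modulus, while the symmetric cipher negotiated for the session is never part of this computation.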

