To System Check - To Suggest Key Sizes - To Debian Vulnerability Handling
Weak Keys System Check - Small Keys
How to prevent Small Key size
Browsers
FF
- Under Options - Settings - Advanced - Tab: Encryption - Encryption Modules you'll find the installed software crypto provider with the Software Security Module. This has to be at least of HW revision 3.12 (???)
- General rule: update to the most latest stable release revision eg. 3.6.10
IE 8
- IE 8 asks for an ActiveX control to start for key generator algorythm.
- One of the cryptographic keyproviders is known to create certs of size 512 bytes. This is the "Microsoft Base Cryptographic Provider v1.0" thru rsabase.dll
- All others to be known for higher key sizes
"Microsoft Base Cryptographic Provider v1.0" is based on rsabase.dll. Updated systems (eg WXP sp3) has no rsabase.dll installed. Procedure is based on rsaenh.dll and results in keysizes starting 1024 bits Older systems (eg. NT4, W2K) or upgraded systems may have rsabase.dll installed.
Arbitration case a20110312.1