## 20160524 AK
----
 [[WeakKeys/SmallKey/CZ|česky]] | '''english'''
----
 . '''To [[WeakKeys|System Check]]''' - '''To [[SuggestKeySizes|Suggest Key Sizes]]''' - '''To [[DebianVulnerabilityHandling|Debian Vulnerability Handling]]'''

----

= Weak Keys System Check - Small Keys =

== How to prevent Small Key size ==

=== Browsers ===

==== FF ====
 . Under Options - Settings - Advanced - Tab: Encryption - Encryption Modules you'll find the installed software crypto provider with the Software Security Module. This has to be at least of HW revision 3.12 (???)
 . General rule: update to the most latest stable release revision eg. 3.6.10, nowadays (2016) about 44.0 - 46.0; these versions have the Encryption tab no more, and you cannot select the encryption neither there nor on the configuration page (about:config). 

==== IE 8 ====
 . IE 8 asks for an ActiveX control to start for key generator algorythm.
 . One of the cryptographic keyproviders is known to create certs of size 512 bytes. This is the "Microsoft Base Cryptographic Provider v1.0" thru rsabase.dll
 . All others to be known for higher key sizes

{{attachment:IE8-keysize-selection.png}}

 {{{#!wiki note
"Microsoft Base Cryptographic Provider v1.0" is based on rsabase.dll.
Updated systems (eg WXP sp3) has no rsabase.dll installed.
Procedure is based on rsaenh.dll and results in keysizes starting 1024 bits
Older systems (eg. NT4, W2K) or upgraded systems may have rsabase.dll installed.
}}}

----
 . Arbitration case [[Arbitrations/a20110312.1|a20110312.1]]

----
 . CategorySystems
 . CategorySoftware