by kientuong114 676 days ago
The right answer is not always about straight-out security: 2048-bit RSA is not broken and won't be broken for the foreseeable future, but we know that it is much less efficient and more error-prone than e.g. ECDH. So why suggest the former when the latter is a better alternative?

You should consider these "right answers" as if the question were, "I want to develop a new product today. What cryptographic primitive should I use?"


Even that is more subtle. RSASSA-2048-PKCS#1v1.5 is fine if leaking that you signed the same plaintext more than once isn't a threat. If that is a threat then you need RSASSA-2048-PKCS#1v2 (AKA RSA-PSS-2048).

RSAES-2048-PKCS#1v1.5 has implementation-dependent security; implementations keep getting broken due to padding oracle attacks. RSA-KEM-2048 is fine, though slower than ECDH.
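The signing distinction in the comment above (PKCS#1 v1.5 signatures are deterministic, so signing the same message twice yields byte-identical signatures and reveals the repeat; PSS adds a random salt, so two signatures over the same message differ) can be observed directly with the Go standard library. The following is an added example written for this page, not code from the commenter; it assumes a freshly generated 2048-bit key and a constructed message, and uses only `crypto/rsa` functions that exist in Go's standard library.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// LinkabilityResult records, for each signature scheme, whether signing the
// same message twice produced identical bytes, and whether the first
// signature verifies under the public key.
type LinkabilityResult struct {
	PKCS1v15Identical bool // expected true: v1.5 signing is deterministic
	PSSIdentical      bool // expected false: PSS uses a random salt
	PKCS1v15Verifies  bool
	PSSVerifies       bool
}

// NewDemoKey generates a 2048-bit RSA key (the size discussed on the page).
func NewDemoKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// CompareSchemes signs msg twice with RSASSA-PKCS1-v1_5 and twice with
// RSASSA-PSS (both over SHA-256) and compares the outputs.
func CompareSchemes(key *rsa.PrivateKey, msg []byte) (LinkabilityResult, error) {
	var r LinkabilityResult
	digest := sha256.Sum256(msg)

	// PKCS#1 v1.5: the padding is fixed, so the signature is a pure
	// function of (key, digest). rand.Reader is only used for blinding.
	s1, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return r, err
	}
	s2, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return r, err
	}
	r.PKCS1v15Identical = bytes.Equal(s1, s2)
	r.PKCS1v15Verifies = rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], s1) == nil

	// PSS: a fresh random salt (here, hash-length = 32 bytes) is mixed into
	// the encoding, so repeated signatures over one message are unlinkable.
	opts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}
	p1, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], opts)
	if err != nil {
		return r, err
	}
	p2, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], opts)
	if err != nil {
		return r, err
	}
	r.PSSIdentical = bytes.Equal(p1, p2)
	r.PSSVerifies = rsa.VerifyPSS(&key.PublicKey, crypto.SHA256, digest[:], p1, opts) == nil

	return r, nil
}

func main() {
	key, err := NewDemoKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample message for the demonstration.
	res, err := CompareSchemes(key, []byte("transfer 100 to account 42"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("PKCS#1 v1.5: identical=%v verifies=%v\n", res.PKCS1v15Identical, res.PKCS1v15Verifies)
	fmt.Printf("PSS:         identical=%v verifies=%v\n", res.PSSIdentical, res.PSSVerifies)
}
```

Both schemes verify correctly; the difference is only visible to an observer who sees more than one signature. A defender deciding between them should ask whether "this signer signed this exact message before" is information the system is allowed to leak, which is the threat-model question the comment raises.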