
Since 2015, 2048-bit keys have been the recommended secure key size by NIST, with an expected supported lifespan of up through 2030. It appears InSided is currently using the AWS default for Amazon SES (1024-bit), which is considered to be cryptographically insecure.

What plans are in place to roll out 2048-bit DomainKey support? This finding is increasingly coming up in security audits.

Thanks for pointing this out. We will reach out to AWS for a solution for this problem and aim for a sustainable solution. We will need to find out what timespan it requires.


Thanks Jeanie,

I haven’t heard anything from AWS so I’d be curious to hear their position on this. IIRC, I was reading that sometime ~2010 it was claimed that 1024-bit keys would be weak based upon expected computational power available in the coming decade (i.e., 2020). While I haven’t heard of anyone breaking this key, the recommendation/standard has become 2048-bit, although not everyone has adopted this.

There are likely a number of reasons for resistance to upgrade, but the one that sticks out to me is perhaps the… DNS ‘hack’ required for support - DNS chaining. It is really an inelegant solution, but it is what we currently have.

I know the 1024-bit key is convenient to implement in AWS as it is the default, and 2048-bit would require InSided to bring their own RSA key pair, but it would be great to have these options available. Our stakeholders, as I earlier mentioned, are not always technical people and call into question why we are using a ‘vulnerable’ 1024-bit key.


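An audit check for the point raised in this thread, added here as an illustration and not code from the thread, from InSided or from AWS: it takes the TXT value of a DKIM selector record, base64-decodes the p= tag, walks the DER SubjectPublicKeyInfo to reach the RSA modulus, and reports its size in bits so a 1024-bit key can be flagged against a 2048-bit minimum. No real key is on the page, so `build_dkim_record` constructs sample records around a random modulus of the chosen size (only the size matters for the check); `dkim_key_bits` and the helper names are mine.

```python
import base64
import re
import secrets

def _der_len(n):
    """DER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_uint(value):
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:  # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return _tlv(0x02, body)

def build_dkim_record(bits, exponent=65537):
    """Constructed sample: a DKIM TXT record around a random `bits`-bit modulus (not a real RSA key)."""
    modulus = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    rsa_pub = _tlv(0x30, _der_uint(modulus) + _der_uint(exponent))
    alg_id = _tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption, NULL
    spki = _tlv(0x30, alg_id + _tlv(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def _read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at `pos`."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dkim_key_bits(txt_record):
    """RSA modulus size in bits from a DKIM TXT record, or None when there is no usable key."""
    match = re.search(r"(?:^|;)\s*p=([^;]*)", txt_record)
    if not match:
        return None
    der = base64.b64decode(re.sub(r"[\s\"]", "", match.group(1)))  # join quoted/split TXT chunks
    if not der:  # an empty p= tag means the key was revoked
        return None
    _, spki, _ = _read_tlv(der)                 # SubjectPublicKeyInfo SEQUENCE
    _, _, pos = _read_tlv(spki)                 # skip AlgorithmIdentifier
    _, bit_string, _ = _read_tlv(spki, pos)     # subjectPublicKey BIT STRING
    _, rsa_pub, _ = _read_tlv(bit_string[1:])   # drop the unused-bits byte, then RSAPublicKey
    _, modulus, _ = _read_tlv(rsa_pub)          # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()
```

Point `dkim_key_bits` at the TXT value fetched for `<selector>._domainkey.<domain>` and compare the result against 2048; the quote and whitespace stripping handles records that DNS returns as several concatenated strings.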