When Firefox 32 shipped this week, Mozilla also officially ended its support of 1024-bit certificate authority certificates in its trusted store.
While it still takes a considerable amount of resources to factor and crack a 1024-bit RSA key, standards bodies such as NIST have been advising organizations to move to 2048-bit keys or higher going as far back as 2011.
Microsoft announced a change to its certificate key length requirements shortly thereafter, yet others, including Google, have been slow to follow suit.
Mozilla’s move to deprecate 1024-bit certs not only in Firefox but also in Thunderbird is certainly welcome news. With state-sponsored targeted attacks ramping up, and with uncertainty over the ability of the NSA and others in the intelligence community to crack or subvert crypto, security experts urge organizations to put up higher barriers to keep hackers and the IC at bay.