In hybrid encryption, I still see that some sites use RSA in their HTTPS connection, so now I wonder, why do they not use ECC instead of RSA? ECC requires less computational power and encrypts and decrypts faster (at least that's what I read). I know that there have been similar questions about this, but none of these answered specifically why RSA is still used. The only two reasons I can think of are that some hardware may not support it or that there are some web administrators that are being too lazy to upgrade, but I'm not sure if that is the case. I hope someone could explain this to me and shed some light on it :)
Likely there are old computers (and phones) in some countries that have old browsers that haven't been upgraded to support newer crypto. I heard a talk by a Facebook higher-up talking about how phones being sold in India, for example, have this problem. Another problem is a lot of the tutorials on the internet for how to set up TLS show RSA cert generation. – mikeazo Jun 22 '16 at 12:06
But I thought clients always communicate with each other by negotiating over what algorithm or key to use, as in which cipher suites are supported by both the client and the server, and then choosing the most secure one. – blacklight Jun 22 '16 at 12:10
Are you talking about RSA certificates or RSA key exchange here? – SEJPM Jun 22 '16 at 12:12
I'm talking about the key exchange – blacklight Jun 22 '16 at 12:13
This would probably be a better fit for Security.SE, since which algorithm to use is ultimately a matter of security policy. – fkraiem Jun 22 '16 at 13:06
@fkraiem, what is the security policy difference here? – otus Jun 22 '16 at 14:57
@otus It seems obvious to me that the choice of algorithms is a policy decision... – fkraiem Jun 22 '16 at 15:04
@fkraiem I rather see an age difference here… old stuff simply doesn’t support ECs. (You’d be surprised how many “old devices” are still out there and actively used.) – e-sushi Jun 22 '16 at 15:51
@fkraiem, only if there's a policy difference between the algorithms. Here I don't see one. It's a question of efficiency and legacy support. – otus Jun 22 '16 at 16:01
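The negotiation and legacy-support points raised in the comments above, as an added example that is not part of the original thread: a simplified model of TLS 1.2 server-preference suite selection, which also separates the key-exchange algorithm from the certificate (authentication) algorithm. The suite names are real IANA names; the client and server lists are constructed for illustration.

```python
# Constructed client/server profiles (assumptions, not measurements of real devices).
MODERN_CLIENT = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
LEGACY_CLIENT = [  # hypothetical old device with no elliptic-curve support
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_COMPAT = [  # prefers ECDHE, keeps RSA key exchange as a fallback
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_ECC_ONLY = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]


def parse_suite(name):
    """Split a TLS 1.2 suite name into (key_exchange, authentication)."""
    head = name[len("TLS_"):].split("_WITH_")[0]
    parts = head.split("_")
    if len(parts) == 1:        # TLS_RSA_WITH_...: RSA does both jobs
        return parts[0], parts[0]
    return parts[0], parts[1]  # ECDHE_RSA: ECDHE exchange, RSA certificate


def negotiate(server_prefs, client_offer):
    """Return the first suite in the server's order that the client also offers."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered:
            return suite
    return None  # no shared suite: the handshake fails


def describe(server_prefs, client_offer):
    """Return (suite, key_exchange, authentication), or None on failure."""
    suite = negotiate(server_prefs, client_offer)
    return None if suite is None else (suite, *parse_suite(suite))


if __name__ == "__main__":
    for server in ("SERVER_COMPAT", "SERVER_ECC_ONLY"):
        for client in ("MODERN_CLIENT", "LEGACY_CLIENT"):
            print(server, client, describe(globals()[server], globals()[client]))
```

The legacy client only connects to the server that still lists an RSA key-exchange suite, while the modern client gets ECDHE from both servers.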