Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RSA 4096 disabled on Nano X #83

Open
ElMarioVI opened this issue Aug 19, 2022 · 6 comments
Open

RSA 4096 disabled on Nano X #83

ElMarioVI opened this issue Aug 19, 2022 · 6 comments

Comments

@ElMarioVI
Copy link

ElMarioVI commented Aug 19, 2022
edited
Loading

Hey, checking latest commits (effaf86) looks that rsa 4096 generate was disabled on Nano X devices until firmware will be updated, can be enabled and works with latest 2.0.2 firmware?
@ElMarioVI ElMarioVI changed the title RSS 4096 disabled on Nano X RSA 4096 disabled on Nano X Aug 19, 2022
@cedelavergne-ledger
Copy link
Contributor

Hi,
RSA4096 will be disabled due to watchdog config limitations (generation time takes today too long).
Keeping this issue opened to remind we still have to work on it.

@cedelavergne-ledger cedelavergne-ledger mentioned this issue Feb 28, 2024
Closed
@dave7280
Copy link

dave7280 commented Jun 30, 2024
edited
Loading

Is there any option to downgrade? I just updated my firmware then found out that my 4096 GPG key no longer loads. Ledger + this app was possibly one of few most convenient devices where you could unlock the GPG key using on screen device (unlike yubikeys where you have to type pin on computer device). It's also one of few devices unlike yubikeys that stored the key encrypted on the device with PIN (if understand things correctly)

@cedelavergne-ledger
Copy link
Contributor

Will look if it is possible to reactivate, in the next release, the RSA operations while still disabling the key generation...

@0rkaM
Copy link

0rkaM commented Dec 11, 2024

I understand the issue is with Nano X, and is this also a problem on the Nano S Plus?

@cedelavergne-ledger
Copy link
Contributor

I understand the issue is with Nano X, and is this also a problem on the Nano S Plus?

Hi,
It has been decided to have a coherent behavior on every device. So the key generation with RSA-4096 is not yet possible, but people that already have generated such key a long time ago can continue to use them for sign/encrypt operations

@0rkaM
Copy link

0rkaM commented Dec 12, 2024

When will be the next release?... with a fix?
Since depending on the situation 3072 is getting close to the end.

According to current security standards, the use of RSA 2048 (Security Strength = 112) should be fade out to be replaced with RSA 3072 (Security Strength = 128) by 2030, which some experts suggesting it should be safe to be used beyond that point, as it provides a strong security level equivalent to 128-bit encryption; But with the advent of AI and possible Quantum computers within a decade or so, for future-proofing, many organizations are transitioning to larger key sizes like 4096-bit RSA and 7680-bit (Security Strength = 192) with some extreme suggesting 15360-bit (Security Strength = 256)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dave7280 @0rkaM @ElMarioVI @cedelavergne-ledger