[Secure-testing-team] Bug#878303: genrsa manpage suggests using 1024 bit keys

Toni Mueller toni at debian.org
Thu Oct 12 13:49:31 UTC 2017


Package: openssl
Version: 1.1.0f-3
Severity: normal
Tags: security upstream


Hi,

The genrsa(1) manpage suggests that 1024 bits may be a typical key size
for RSA keys. I have to object - the Debian project deprecated 1024-bit
keys in GnuPG for a reason, and recently, there was also a bug in GnuPG
that allowed for 1024-bit keys to be broken.

I'm not suggesting a code change, but that the man page be updated to
suggest using 2048-bit keys instead.


Cheers,
--Toni++



-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii  libc6      2.24-11+deb9u1
ii  libssl1.1  1.1.0f-3

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20161130+nmu1

-- no debconf information
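The practical counterpart to the report above, as an added example that is not part of the bug report or of OpenSSL's own tooling: a POSIX shell script that generates a key with `openssl genrsa` at the 2048-bit size the reporter recommends and audits existing RSA private keys against that minimum, so keys created by following the old man page example can be found. It assumes the `openssl` command-line tool is installed; the function names, temporary file names and the 2048-bit threshold are this example's own choices, and the 1024-bit key it creates is constructed only to show the check rejecting it.

```shell
#!/bin/sh
# Added example (not from the bug report): generate an RSA key at the
# recommended size and audit existing RSA private keys for a minimum
# modulus size. Assumes the openssl CLI is on PATH.
set -eu

# Threshold chosen for this example; 2048 is what the report asks the
# man page to recommend.
MIN_RSA_BITS=2048

# rsa_key_bits FILE: print the modulus size of a PEM RSA private key.
# Parses the "Private-Key: (N bit ...)" line, which OpenSSL 1.1 prints as
# "(2048 bit)" and OpenSSL 3.x as "(2048 bit, 2 primes)".
rsa_key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p'
}

# check_rsa_key FILE: return 0 if the key meets MIN_RSA_BITS,
# 1 if it is too small, 2 if the file is not a readable RSA private key.
check_rsa_key() {
    bits=$(rsa_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "$1: not a readable RSA private key" >&2
        return 2
    fi
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "$1: RSA-$bits is below the $MIN_RSA_BITS-bit minimum" >&2
        return 1
    fi
    echo "$1: RSA-$bits ok"
}

# gen_rsa_key FILE BITS: the genrsa invocation the man page example
# should show, with 2048 as the size to recommend.
gen_rsa_key() {
    openssl genrsa -out "$1" "$2" 2>/dev/null
}

# demo: create one key at the recommended size and one constructed
# 1024-bit key (only to show the audit rejecting it), then check both.
demo() {
    workdir=$(mktemp -d)
    gen_rsa_key "$workdir/strong.pem" 2048
    gen_rsa_key "$workdir/weak.pem" 1024
    check_rsa_key "$workdir/strong.pem"
    check_rsa_key "$workdir/weak.pem" || echo "weak key rejected as expected"
    rm -rf "$workdir"
}

demo
```

To audit a directory of existing keys, loop `check_rsa_key` over the PEM files and collect the non-zero exit codes; the function reads the key with `openssl rsa -text` rather than trusting file names or comments, so a 1024-bit key renamed to look strong is still caught.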