[Pkg-puppet-devel] Bug#620739: puppet - Not longer secure key and hash defaults
Bastian Blank
waldi at debian.org
Sun Apr 3 18:41:38 UTC 2011
Source: puppet
Version: 2.6.2-4
Severity: important
puppet have the following defaults for the CA:
- Key length: 1024 bits
- Hash: MD5.
MD5 is broken in the meantime and 1024 bits keylength is not longer
considered safe.
The german BSI[1] produces a yearly document[2] that defines which
algorithms should be save for usage over the next five years. This
document rules out MD5, SHA-1 and RIPEMD-160 for hashing and key
sizes < 1976 bits for RSA keys right now.
Please update the default settings to something save for the time of the
default TTL (five years).
Bastian
[1]: Bundesamt für Sicherheit in der Informationstechnik[3]
[2]: http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf
[3]: https://www.bsi.bund.de/DE/Home/home_node.html
--
Our missions are peaceful -- not for conquest. When we do battle, it
is only because we have no choice.
-- Kirk, "The Squire of Gothos", stardate 2124.5
More information about the Pkg-puppet-devel
mailing list