[Pkg-puppet-devel] Bug#620739: puppet - Not longer secure key and hash defaults
waldi at debian.org
Sun Apr 3 18:41:38 UTC 2011
Puppet has the following defaults for the CA:
- Key length: 1024 bits
- Hash: MD5.
MD5 is broken in the meantime and 1024 bits key length is no longer
The German BSI produces a yearly document that defines which
algorithms should be safe for usage over the next five years. This
document rules out MD5, SHA-1 and RIPEMD-160 for hashing and key
sizes < 1976 bits for RSA keys right now.
Please update the default settings to something safe for the time of the
default TTL (five years).
BSI: Bundesamt für Sicherheit in der Informationstechnik
Our missions are peaceful -- not for conquest. When we do battle, it
is only because we have no choice.
-- Kirk, "The Squire of Gothos", stardate 2124.5
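
An added example, not part of the original message or of Puppet: a check of an existing CA certificate against the limits cited in the report (MD5, SHA-1 and RIPEMD-160 ruled out; RSA keys under 1976 bits ruled out). It assumes the input is the text printed by `openssl x509 -noout -text`; the two certificate dumps, `audit_cert_text` and the constant names are constructed for illustration.

```python
import re

# Limits as cited in the bug report (BSI guidance at the time of writing).
WEAK_HASHES = ("md5", "sha1", "ripemd160")
MIN_RSA_BITS = 1976

def audit_cert_text(text):
    """Return a list of findings for one `openssl x509 -noout -text` dump."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    key_alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    # Matches "Public-Key:", "RSA Public-Key:" and the older "RSA Public Key:".
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    if not sig or not bits:
        # Fail closed: an unreadable certificate is reported, not passed.
        return ["unparseable: signature algorithm or key size not found"]
    findings = []
    if any(h in sig.group(1).lower() for h in WEAK_HASHES):
        findings.append(f"weak signature hash: {sig.group(1)}")
    # The bit-length limit in the report applies to RSA keys only.
    is_rsa = key_alg is None or key_alg.group(1).lower().startswith("rsa")
    if is_rsa and int(bits.group(1)) < MIN_RSA_BITS:
        findings.append(
            f"RSA key too short: {bits.group(1)} bits (< {MIN_RSA_BITS})")
    return findings

# Constructed sample: a CA certificate issued with the defaults from the report.
OLD_CA = """\
Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Subject: CN=Example CA (constructed sample)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

# Constructed sample: the same CA reissued with SHA-256 and a 4096-bit key.
NEW_CA = OLD_CA.replace("md5With", "sha256With").replace("1024 bit", "4096 bit")

if __name__ == "__main__":
    for name, dump in (("old", OLD_CA), ("new", NEW_CA)):
        print(name, audit_cert_text(dump) or "ok")
```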