[Pkg-puppet-devel] Bug#620739: puppet - Not longer secure key and hash defaults
micah anderson
micah at riseup.net
Mon Apr 4 03:08:25 UTC 2011
reassign 620739 puppet-common
merge 620739 617614
thanks
Hi,
On Sun, 3 Apr 2011 20:41:38 +0200, Bastian Blank <waldi at debian.org> wrote:
>
> puppet has the following defaults for the CA:
> - Key length: 1024 bits
> - Hash: MD5.
>
> MD5 is broken in the meantime and 1024 bits keylength is no longer
> considered safe.
>
> The German BSI[1] produces a yearly document[2] that defines which
> algorithms should be safe for usage over the next five years. This
> document rules out MD5, SHA-1 and RIPEMD-160 for hashing and key
> sizes < 1976 bits for RSA keys right now.
Thanks for the report, but this was already reported a month ago, and
sent upstream. I will include your additional information from BSI in
the upstream bug.
micah
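One way to check an existing certificate against the limits quoted in the report (no MD5, SHA-1 or RIPEMD-160 signatures, no RSA keys under 1976 bits). This is an added example, not part of the original message or of Puppet; it assumes the text layout printed by `openssl x509 -noout -text`, and the sample certificate text and the name `audit_cert_text` are constructed for illustration.

```python
import re

# Policy values taken from the quoted report (its summary of the BSI document).
WEAK_HASH = re.compile(r"(md5|sha1|ripemd160)(?!\d)")
MIN_RSA_BITS = 1976

# Constructed sample: trimmed `openssl x509 -noout -text` output for a
# hypothetical CA certificate with the defaults named in the report.
SAMPLE_WEAK = """\
Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Example Puppet CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""
# Constructed counter-example: same layout, SHA-256 and a 4096-bit key.
SAMPLE_OK = SAMPLE_WEAK.replace("md5With", "sha256With").replace("(1024", "(4096")


def audit_cert_text(text):
    """Return a list of policy findings for one certificate text dump."""
    findings = []
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if sig is None:
        findings.append("signature algorithm not found")
    else:
        # Normalise names such as "ecdsa-with-SHA1" before matching.
        weak = WEAK_HASH.search(re.sub(r"[^a-z0-9]", "", sig.group(1).lower()))
        if weak:
            findings.append(f"weak signature hash {weak.group(1)} ({sig.group(1)})")
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    # The key-size floor on the page is stated for RSA only.
    if alg and alg.group(1) == "rsaEncryption":
        if bits is None:
            findings.append("RSA key size not found")
        elif int(bits.group(1)) < MIN_RSA_BITS:
            findings.append(f"RSA key {bits.group(1)} bits < {MIN_RSA_BITS}")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(label, audit_cert_text(sample))
```

An empty list means the certificate passes both checks; non-RSA keys are reported only on their signature hash.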