[Pkg-openssl-devel] Bug#878303: genrsa manpage suggests using 1024 bit keys

Toni Mueller toni at debian.org
Thu Oct 12 13:49:31 UTC 2017


Package: openssl
Version: 1.1.0f-3
Severity: normal
Tags: security upstream


Hi,

the genrsa(1) manpage suggests that 1024 bits may be a typical key size
for RSA keys. I have to object - the Debian project deprecated 1024 bit
keys in GnuPG for a reason, and recently, there was also a bug in GnuPG
that allowed for 1024 bit keys to be broken.

I'm not suggesting a code change, but that the man page be updated to
suggest using 2048 bit keys instead.


Cheers,
--Toni++



-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii  libc6      2.24-11+deb9u1
ii  libssl1.1  1.1.0f-3

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20161130+nmu1

-- no debconf information



More information about the Pkg-openssl-devel mailing list