[Pkg-openssl-devel] Bug#878303: genrsa manpage suggests using 1024 bit keys
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri Oct 13 11:16:56 UTC 2017
On 2017-10-12 14:49:31 [+0100], Toni Mueller wrote:
> Package: openssl
> Version: 1.1.0f-3
> Severity: normal
> Tags: security upstream
>
>
> Hi,
>
> the genrsa(1) manpage suggests that 1024 bits may be a typical key size
> for RSA keys. I have to object - the Debian project deprecated 1024 bit
> keys in GnuPG for a reason, and recently, there was also a bug in GnuPG
> that allowed for 1024 bit keys to be broken.
>
> I'm not suggesting a code change, but that the man page be updated to
> suggest using 2048 bit keys instead.
That is one way to interpret it. The default is setting are 2048 bits.
The paragraph describes a problem keys that 64bit in size or less. I
would just drop the last sentence.
> Cheers,
> --Toni++
Sebastian
More information about the Pkg-openssl-devel
mailing list