[Pkg-openssl-devel] Bug#878303: genrsa manpage suggests using 1024 bit keys
Toni Mueller
toni at debian.org
Fri Oct 13 13:15:13 UTC 2017
Hi Sebastian,
On Fri, Oct 13, 2017 at 01:16:56PM +0200, Sebastian Andrzej Siewior wrote:
> On 2017-10-12 14:49:31 [+0100], Toni Mueller wrote:
> > I'm not suggesting a code change, but that the man page be updated to
> > suggest using 2048 bit keys instead.
>
> That is one way to interpret it. The default is setting are 2048 bits.
> The paragraph describes a problem keys that 64bit in size or less. I
> would just drop the last sentence.
that's also one way to go about it, but while we are at it, can we
change the "should" to a "must"? Or can the software actually generate
primes which are even smaller than 64 bits? And what would be the
applicability of such small keys, anyway?
Cheers,
--Toni++
More information about the Pkg-openssl-devel
mailing list