blob: 325060fb0c5ff494dc8bc894a61ac738fff80cd8
Author: Daniel Baumann <daniel.baumann@progress-linux.org>
Description: Setting default RSA size in ssh-keygen to 4096.
diff -Naurp openssh.orig/ssh-keygen.1 openssh/ssh-keygen.1
--- openssh.orig/ssh-keygen.1
+++ openssh/ssh-keygen.1
@@ -242,8 +242,8 @@ This option specifies the number of prim
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
-For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
-Generally, 2048 bits is considered sufficient.
+For RSA keys, the minimum size is 1024 bits and the default is 4096 bits.
+Generally, 3072 bits is currently considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
For ECDSA keys, the
.Fl b
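Review bot: The reworded guidance in the two added lines leaves the reader with three RSA sizes and no explanation of how they relate: a 1024-bit minimum, 3072 bits as "currently considered sufficient", and a 4096-bit default. State in the text why the default is set above the size called sufficient, or align the two numbers. The Description also mentions only the default, while this hunk additionally raises the "sufficient" figure from 2048 to 3072; that second change should be named in the Description so it is not overlooked when the patch is refreshed against a new upstream man page.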
diff -Naurp openssh.orig/ssh-keygen.c openssh/ssh-keygen.c
--- openssh.orig/ssh-keygen.c
+++ openssh/ssh-keygen.c
@@ -64,7 +64,7 @@
#define DEFAULT_KEY_TYPE_NAME "ed25519"
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
-#define DEFAULT_BITS 2048
+#define DEFAULT_BITS 4096
#define DEFAULT_BITS_DSA 1024
#define DEFAULT_BITS_ECDSA 256
u_int32_t bits = 0;
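Review bot: The comment directly above the changed define still reads "Number of bits in the RSA/DSA key", yet DSA has its own DEFAULT_BITS_DSA on the following line, so after this change the comment suggests 4096 could apply to DSA as well. Reword the comment to name RSA only while touching this line. It is also worth noting in the Description that the context line DEFAULT_KEY_TYPE_NAME is "ed25519", so the new value only matters when a key type that uses DEFAULT_BITS is requested without an explicit -b; and since the same number is hard-coded in ssh-keygen.1, a comment here pointing at the man page would help keep the two in sync.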