blob: d162e743f55528a72d1a5adefcd679b36e8749f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Author: Daniel Baumann <daniel.baumann@progress-linux.org>
Description: Setting default RSA size in ssh-keygen to 4096.
diff -Naurp openssh.orig/ssh-keygen.1 openssh/ssh-keygen.1
--- openssh.orig/ssh-keygen.1
+++ openssh/ssh-keygen.1
@@ -269,7 +269,7 @@ resistance to brute-force password crack
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
-For RSA keys, the minimum size is 1024 bits and the default is 3072 bits.
+For RSA keys, the minimum size is 1024 bits and the default is 4096 bits.
Generally, 3072 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
For ECDSA keys, the
diff -Naurp openssh.orig/ssh-keygen.c openssh/ssh-keygen.c
--- openssh.orig/ssh-keygen.c
+++ openssh/ssh-keygen.c
@@ -79,7 +79,7 @@
* which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
* SHA1 we limit the DSA key size 1k bits.
*/
-#define DEFAULT_BITS 3072
+#define DEFAULT_BITS 4096
#define DEFAULT_BITS_DSA 1024
#define DEFAULT_BITS_ECDSA 256
|
