Hi Rich,

On 08.09.2014 23:59, Salz, Rich wrote:
> We are considering changing the default keysize (RSA, DSA, DH) from 1K
> to 2K, and changing the default signing digest from SHA-1 to SHA-256.

May I suggest 4096 bit with SHA-256. That way you have a security level of >= 128 bit for both primitives and as the weakest link counts ... Also: attacks only get better over time.

> We’ve already committed this to HEAD/master. We would like to make this
> change in the upcoming 1.0.2 release as well. Several downstream
> distributions, such as Debian, have already done this. Microsoft has
> already announced deprecation of SHA-1 certificates, and Google just
> recently posted a fairly aggressive plan for Chrome.

And Chrome+Firefox still happily use MD5 to sign SPKAC after offering you to create Low (512), Medium (1024) or High (2048) grade encryption keys (patch available for ages BTW) ...

> Does anyone have strong objections?

The only objection I have regarding this change is that the originally intended one reflects only the bare minimum of the chosen primitives that you can widely use without being deprecated. Why aren't people thinking ahead for a moment and trying to set defaults more to the middle of the practical range*?

*for digests this unfortunately is SHA-256 through SHA-256 as GnuTLS 2.x (available on most Debian Stable boxes) barfs on anything else like SHA-384 or SHA-512.

Kind regards,
BenBE.

> --
> Principal Security Engineer
> Akamai Technologies, Cambridge MA
> IM: rs...@jabber.me <mailto:rs...@jabber.me> Twitter: RichSalz
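The weakest-link comparison raised in the reply above, worked through for the key size and digest pairs named in the thread. This is an added example, not part of the original message or of OpenSSL. It assumes the GNFS-based strength estimate for an RSA/DSA/DH modulus from NIST's FIPS 140-2 Implementation Guidance and the nominal collision resistance of each digest (half its output length); the function names are illustrative.

```python
import math

# Nominal collision resistance in bits (half the output length). Published
# attacks on MD5 and SHA-1 put their practical strength below these figures.
DIGEST_COLLISION_BITS = {
    "md5": 64, "sha1": 80, "sha256": 128, "sha384": 192, "sha512": 256,
}


def modulus_strength_bits(modulus_bits):
    """Estimate the symmetric-equivalent strength of an RSA/DSA/DH modulus.

    Uses the General Number Field Sieve cost estimate (assumed formula,
    see lead-in); the result is an approximation, not an exact bound.
    """
    n = modulus_bits * math.log(2)
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)


def weakest_link(modulus_bits, digest):
    """Return (effective_bits, limiting_part) for a signing configuration."""
    key_bits = modulus_strength_bits(modulus_bits)
    digest_bits = DIGEST_COLLISION_BITS[digest.lower().replace("-", "")]
    limiting = "key" if key_bits < digest_bits else "digest"
    return min(key_bits, digest_bits), limiting


def compare(configs):
    """Build one report row per (modulus_bits, digest) pair."""
    rows = []
    for bits, digest in configs:
        effective, limiting = weakest_link(bits, digest)
        rows.append((bits, digest, round(modulus_strength_bits(bits)),
                     round(effective), limiting))
    return rows


if __name__ == "__main__":
    # Old default, proposed default, and the suggestion made in the reply.
    for row in compare([(1024, "SHA-1"), (2048, "SHA-256"), (4096, "SHA-256")]):
        print("%5d-bit + %-7s key~%3d bits, effective~%3d bits, limited by %s" % row)
```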