Bug#732728: quassel-core: 1024 bit key is not secure

Fri, 20 Dec 2013 10:34:20 -0800 

Package: quassel-core
Version: 0.9.2-1
Severity: normal
Tags: patch

When installing quassel-core a 1024 bit private RSA key is generated,
but a 1024 bit key is considered not sufficient for quite some time now.
In the postinst script the nbits value is explicitly set to 1024 and I
see no reason why. According to man:req 
"The argument takes one of several forms. rsa:nbits, where nbits is the
number of bits, generates an RSA key nbits in size. If nbits is omitted,
i.e. -newkey rsa specified, the default key size, specified in the
configuration file is used."

So by not specifying the nbits part, the default (currently 2048) is
used, so the following patch does exactly that.

diff --git a/postinst b/postinst
index b53ac33..87dba5e 100755
--- a/postinst
+++ b/postinst
@@ -40,7 +40,7 @@ fi
 # FIXME: Not over-writing existing certs, but need to (someday) replace
 # old certs
  if [ ! -e $QUASSEL_CERT ] ; then
    echo "Generating SSL certificate as $QUASSEL_CERT ..."
-   openssl req -x509 -nodes -batch -days 680 -newkey rsa:1024 -keyout \
+   openssl req -x509 -nodes -batch -days 680 -newkey rsa -keyout \
    $QUASSEL_CERT -out $QUASSEL_CERT
    chown $QUASSEL_USER:$QUASSEL_GROUP $QUASSEL_CERT
  fi

Cheers,
  Diederik

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages quassel-core depends on:
ii  adduser            3.113+nmu3
ii  libc6              2.17-97
ii  libgcc1            1:4.8.2-1
ii  libqca2            2.0.3-5
ii  libqt4-network     4:4.8.5+git192-g085f851+dfsg-2
ii  libqt4-script      4:4.8.5+git192-g085f851+dfsg-2
ii  libqt4-sql         4:4.8.5+git192-g085f851+dfsg-2
ii  libqt4-sql-sqlite  4:4.8.5+git192-g085f851+dfsg-2
ii  libqtcore4         4:4.8.5+git192-g085f851+dfsg-2
ii  libstdc++6         4.8.2-1
ii  lsb-base           4.1+Debian12
ii  openssl            1.0.1e-4

quassel-core recommends no packages.

quassel-core suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to