Package: prosody
Version: 0.8.2-1
Severity: wishlist

/var/lib/dpkg/info/prosody.postinst contains an invocation of

  openssl req -new ...

which appears to default to creating a 1024-bit RSA key, due to default_bits being set to 1024 in /etc/ssl/openssl.cnf.

However, we should be moving to 2048-bit keys by default. As I wrote in #598732:

> It should default to 2048 bits at least, not 1024.
>
>  * many free software crypto tools are defaulting to 2048-bit keys now
>    (e.g. OpenSSH, GnuPG)
>
>  * NIST has recommended avoiding reliance on 1024-bit keys after the
>    end of 2010
>
>  * you can compare other comparable standards at http://keylength.com/

Please update the prosody postinst script to supply the additional arguments "-newkey rsa:2048" to openssl req.

Regards,

--dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages prosody depends on:
ii  adduser                3.113
ii  libc6                  2.13-21
ii  libidn11               1.22-3
ii  liblua5.1-0            5.1.4-10
ii  liblua5.1-expat0       1.2.0-3
ii  liblua5.1-filesystem0  1.5.0-2
ii  liblua5.1-socket2      2.0.2-6
ii  libssl1.0.0            1.0.0e-2
ii  lua5.1                 5.1.4-10
ii  openssl                1.0.0e-2

Versions of packages prosody recommends:
pn  liblua5.1-event0       <none>
pn  liblua5.1-sec1         <none>

prosody suggests no packages.

-- Configuration Files:
/etc/prosody/conf.avail/example.com.cfg.lua [Errno 13] Permission denied: u'/etc/prosody/conf.avail/example.com.cfg.lua'
/etc/prosody/conf.avail/localhost.cfg.lua [Errno 13] Permission denied: u'/etc/prosody/conf.avail/localhost.cfg.lua'
/etc/prosody/prosody.cfg.lua [Errno 13] Permission denied: u'/etc/prosody/prosody.cfg.lua'

-- no debconf information
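The change the report asks for, as an added shell example that is not the prosody package's own postinst: generate the certificate with an explicit "-newkey rsa:2048" so the key size no longer depends on default_bits in openssl.cnf, then read the key size back from the generated file to verify it. The hostname, output directory, -days value and function names are assumptions for the example.

```shell
#!/bin/sh
# Added example; not the prosody postinst.  Requires the openssl CLI.
#
# The postinst-style invocation that inherits default_bits (1024 in the
# reported openssl.cnf) looks roughly like:
#   openssl req -new -x509 -nodes -days 365 -keyout host.key -out host.crt
# The corrected form below adds "-newkey rsa:2048" so the key size is
# fixed by the command line, not by the system-wide config file.

# Generate a 2048-bit RSA key and self-signed cert for host $1 in dir $2.
# -subj/-days values are assumptions, not the package's own choices.
gen_prosody_cert() {
    host="$1"; dir="$2"
    openssl req -new -x509 -nodes -days 365 \
        -newkey rsa:2048 \
        -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
}

# Print the RSA modulus size in bits of the private key file $1.
# Works for both "Private-Key: (2048 bit)" (OpenSSL 1.x) and
# "Private-Key: (2048 bit, 2 primes)" (OpenSSL 3.x) output.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# Return 0 if the key in file $1 is at least 2048 bits, 1 otherwise.
# Use this to audit keys that an older postinst may already have created.
key_is_strong_enough() {
    bits=$(key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge 2048 ]
}
```

To audit an installed key, run key_is_strong_enough on it; a key produced under the 1024-bit default fails the check and should be regenerated.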

