[Bug 1455990] Re: quassel-core generates an insecure certificate upon installation
** Information type changed from Public to Public Security

--
You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to quassel in Ubuntu.
https://bugs.launchpad.net/bugs/1455990

Title:
  quassel-core generates an insecure certificate upon installation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1455990/+subscriptions

--
kubuntu-bugs mailing list
kubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 1455990] Re: quassel-core generates an insecure certificate upon installation
As it's a self-signed certificate, the signature hash algorithm doesn't matter much. 4096 bit seems a bit excessive, no?

Slightly off-topic: Quassel stores the md5sum of certs the user has accepted. That's probably a bad idea.
Re: [Bug 1455990] Re: quassel-core generates an insecure certificate upon installation
On Monday, May 18, 2015 09:14:12 PM you wrote:
> While having a 4096-bit certificate is not necessary in order to be secure, its only disadvantages are taking longer to generate (which I don't think is much of an issue because it doesn't get regenerated very often) and taking slightly longer for the handshake (which is practically negligible on modern computers).
>
> Yes, saving the md5 of the accepted certs is a bad idea. I will fix that.

People run quassel cores on very minimal systems and so I don't think you can say it's necessarily negligible.

If the work someone is doing is so sensitive that a 2048-bit key is not sufficient, then it probably shouldn't be on IRC. 2048-bit keys are sufficient that there are usually easier ways to get the information [1]. Let's not go overboard.

[1] https://xkcd.com/538/
[Bug 1455990] Re: quassel-core generates an insecure certificate upon installation
OK, here is a patch for 2048-bit certificates. I also discovered that OpenSSL generates the SHA256 hash automatically now, so there is no need to specify that explicitly.

** Patch added: certificate.debdiff
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1455990/+attachment/4399863/+files/certificate.debdiff
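
A way to check the properties this thread discusses (key size, signature hash, and a SHA-256 rather than MD5 fingerprint) on any PEM certificate, as an added example that is not part of the thread or the attached debdiff. It assumes an RSA certificate and the openssl command-line tool; the function names, the thresholds and the sample CN are hypothetical.

```sh
#!/bin/sh
# Added example (not from the bug thread): report a certificate's key size,
# signature algorithm and SHA-256 fingerprint using the openssl CLI.

cert_bits() {    # cert_bits FILE -> public key size in bits
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

cert_sigalg() {  # cert_sigalg FILE -> e.g. sha256WithRSAEncryption
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

cert_sha256() {  # cert_sha256 FILE -> colon-separated SHA-256 fingerprint
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# audit_cert FILE [MIN_BITS]; the 2048-bit default and the md5/sha1 check
# are this example's policy (assumption), not something the package enforces.
audit_cert() {
    min_bits=${2:-2048}
    bits=$(cert_bits "$1")
    sig=$(cert_sigalg "$1")
    [ -n "$bits" ] || { echo "FAIL: cannot parse $1"; return 2; }
    status=0
    if [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: $bits-bit key, want at least $min_bits"; status=1
    fi
    case "$sig" in
        md5*|sha1*) echo "FAIL: weak signature hash ($sig)"; status=1 ;;
    esac
    [ "$status" -ne 0 ] || echo "OK: $bits-bit key, $sig"
    echo "SHA-256 fingerprint: $(cert_sha256 "$1")"
    return "$status"
}

# Constructed sample: throwaway self-signed cert with a hypothetical CN.
make_sample_cert() {  # make_sample_cert DIR BITS
    openssl req -x509 -newkey "rsa:$2" -nodes -days 1 \
        -subj "/CN=quasselcore.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Stand-alone use: sh audit_cert.sh /path/to/cert.pem [MIN_BITS]
if [ -n "${1:-}" ]; then audit_cert "$@"; fi
```

Run it against the certificate file the core actually serves; the exit status is non-zero when the key is below the requested size or the signature uses MD5 or SHA-1.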