Bug#904686: ssl-cert: RSA keylength is getting a bit short
Package: ssl-cert
Version: 1.0.39
Severity: wishlist
The current default keylength for the snakeoil cert is 2048 bits. However,
these certs could now live for ten years (3650 days), which as I type
this could be upto 2028.
Various technical bodies are recently that for long-lived secrets,
a factoring modulus (i.e., RSA key size) of 3072 bits is recommended:
https://www.keylength.com/en/4/
https://www.keylength.com/en/compare/
2048b should be good until the year 2030, but we're approaching that now:
https://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
While most commercial certificate authorities (CAs) give out 2048 bit
certficites, those are only valid for 1-2 years (90 days in the case
of Let's Encrypt), so the risk is much less in the short term.
Can "-newkey rsa:3072" be added to the ssl-cert script for better
future proofing?
-- System Information:
Debian Release: 9.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-7-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ssl-cert depends on:
ii adduser 3.115
ii debconf [debconf-2.0] 1.5.61
ii openssl 1.1.0f-3+deb9u2
ssl-cert recommends no packages.
Versions of packages ssl-cert suggests:
pn openssl-blacklist <none>
-- debconf information excluded
Reply to: