Increase SSL private key from 512 to 1024 bits.
At Nicira, we are experimenting with the idea of converting XAPI SSL keys to SSH keys. In some cases this might be convenient for giving XenServers access to remote resources without distributing a second set of keys. OpenSSH, however, refuses to accept RSA keys shorter than 768 bits for use in authentication. So this change is necessary, to make XAPI generate keys longer than the current default of 512 bits.

Additionally, RSA says "512-bit keys no longer provide sufficient security for anything more than very short-term security needs" (http://www.rsa.com/rsalabs/node.asp?id=2218), so this change seems like a good idea in any case.

Increasing the key length makes generating the key at installation time take a bit longer, but the difference is not significant: on my desktop, "openssl genrsa 512" takes about 10 ms and "openssl genrsa 1024" takes about 100 ms.

Signed-off-by: Ben Pfaff <firstname.lastname@example.org>