From f47269ea67eb4ff87454bf0d2a03e55532786482 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Mon, 25 Mar 2019 15:49:00 +0000 Subject: [PATCH] upstream: Increase the default RSA key size to 3072 bits. Based on the estimates from NIST Special Publication 800-57, 3k bits provides security equivalent to 128 bits which is the smallest symmetric cipher we enable by default. ok markus@ deraadt@ OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b --- ssh-keygen.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.c b/ssh-keygen.c index 5d0787728..5d256a159 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.327 2019/02/10 16:35:41 benno Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -67,8 +67,11 @@ # define DEFAULT_KEY_TYPE_NAME "ed25519" #endif -/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ -#define DEFAULT_BITS 2048 +/* + * Default number of bits in the RSA/DSA key. This value can be overridden + * on the command line. + */ +#define DEFAULT_BITS 3072 #define DEFAULT_BITS_DSA 1024 #define DEFAULT_BITS_ECDSA 256