available crypto policies

Kurt Seifried kseifried at redhat.com
Thu Jun 5 16:10:59 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/05/2014 08:41 AM, Eric H. Christensen wrote:
> On Wed, Jun 04, 2014 at 03:15:33PM +0200, Nikos Mavrogiannopoulos
> wrote:
>> On Wed, 2014-06-04 at 09:05 -0400, Simo Sorce wrote:
>>>>> According to http://www.keylength.com/en/compare/ the
>>>>> asymmetric sizes do not match the symmetric size according
>>>>> to most sources listed on
>>>>> http://www.keylength.com/en/compare/.
>>>> 
>>>> That's the old version. New one
>>>> (https://fedoraproject.org/wiki/Changes/CryptoPolicy) is: 
>>>> Legacy: 767+ default: 1023+
>>> shouldn't this be 2047+ ?
> 
>> If we do that then the applications that use these settings will
>> be unable to talk to any servers that offer 1024 keys. Given the
>> number of these servers that would be a good reason for
>> applications not switching to this centrally managed
>> configuration system. That is we'd have these settings as in a
>> museum and no-one will be using them.
> 
> Who still uses 1024-bit keys?  You aren't finding a CA to sign
> them.
> 
> -- Eric

Some legacy hardware, stuff with brain-dead interfaces that doesn't
give an option to create longer keys. I can't name anything offhand
(it's been years since I saw anything like this) but I have to assume
they're still out there in production.


- -- 
Kurt Seifried - Red Hat - Product Security - Cloud stuff and such
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----