Your message dated Sun, 24 Nov 2013 22:24:44 +0100
with message-id <[email protected]>
and subject line hashing algorithms improved in puppet 3
has caused the Debian Bug report #620739,
regarding puppet - Not longer secure key and hash defaults
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
--
620739: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620739
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: puppet
Version: 2.6.2-4
Severity: important
puppet has the following defaults for the CA:
- Key length: 1024 bits
- Hash: MD5.
MD5 is broken in the meantime and 1024 bits key length is no longer
considered safe.
The German BSI[1] produces a yearly document[2] that defines which
algorithms should be safe for usage over the next five years. This
document rules out MD5, SHA-1 and RIPEMD-160 for hashing and key
sizes < 1976 bits for RSA keys right now.
Please update the default settings to something safe for the time of the
default TTL (five years).
Bastian
[1]: Bundesamt für Sicherheit in der Informationstechnik[3]
[2]: http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf
[3]: https://www.bsi.bund.de/DE/Home/home_node.html
--
Our missions are peaceful -- not for conquest. When we do battle, it
is only because we have no choice.
-- Kirk, "The Squire of Gothos", stardate 2124.5
--- End Message ---
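Added example, not part of the bug report or of Puppet's code: a Ruby check that audits X.509 certificates (for instance an existing CA certificate) against the thresholds named in the report above, namely no MD5, SHA-1 or RIPEMD-160 signatures and no RSA keys below 1976 bits. The function names and the constructed test certificate are assumptions made for this illustration.

```ruby
require "openssl"

# Thresholds taken from the report above: MD5, SHA-1 and RIPEMD-160 are
# ruled out for hashing, RSA keys below 1976 bits are ruled out.
WEAK_DIGESTS = /md5|sha1|ripemd160/i
MIN_RSA_BITS = 1976

# Returns a list of findings for one signature-algorithm name and key size.
# (Hypothetical helper, named for this example.)
def policy_findings(signature_algorithm, rsa_bits)
  findings = []
  findings << "weak hash in #{signature_algorithm}" if signature_algorithm =~ WEAK_DIGESTS
  findings << "RSA key is #{rsa_bits} bits (< #{MIN_RSA_BITS})" if rsa_bits < MIN_RSA_BITS
  findings
end

# Audits a parsed OpenSSL::X509::Certificate; an empty list means it passes.
def audit_certificate(cert)
  key = cert.public_key
  return ["not an RSA key: #{key.class}"] unless key.is_a?(OpenSSL::PKey::RSA)
  policy_findings(cert.signature_algorithm, key.n.num_bits)
end

# Builds a throwaway self-signed certificate (constructed sample input).
def sample_certificate(bits, digest_name)
  key = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-test-ca")
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new(digest_name))
  cert
end

if __FILE__ == $PROGRAM_NAME
  # Audit the PEM certificate files named on the command line.
  ARGV.each do |path|
    findings = audit_certificate(OpenSSL::X509::Certificate.new(File.read(path)))
    puts "#{path}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```

Run it with the paths of PEM-encoded certificates as arguments; each file is reported as `ok` or with the findings that apply.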
--- Begin Message ---
Version: 3.1.0-1
Puppet 3 was released with improved crypto. Closing this bug.
--
Stig Sandbeck Mathisen
--- End Message ---