Package: openssl
Version: 1.1.0f-3
Severity: normal
Tags: security upstream

Hi,

the genrsa(1) manpage suggests that 1024 bits may be a typical key size for RSA keys. I have to object - the Debian project deprecated 1024 bit keys in GnuPG for a reason, and recently, there was also a bug in GnuPG that allowed for 1024 bit keys to be broken.

I'm not suggesting a code change, but that the man page be updated to suggest using 2048 bit keys instead.

Cheers,
--Toni++

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii  libc6      2.24-11+deb9u1
ii  libssl1.1  1.1.0f-3

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20161130+nmu1

-- no debconf information