On Sat, Jul 19, 2014 at 05:41:41AM -0400, Theodore Ts'o wrote: > > I take a somewhat different philosophical position, which is that it's > impossible to make something moron-proof, because morons are > incredibly ingenious :-), and there are legitimate times when you > might indeed want more than 256 bytes (for example, generating a 4096 > bit RSA key pair).
I believe 128 bit entropy should be sufficient to generate a 4096 bit RSA key, but you might want to take some more. I think 2048 bit (256 byte) is a little bit overkill for it, and I'm not sure what amout of entropy the kernel can really give. Kurt -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140719103602.ga15...@roeckx.be