Hi!
I just read about the Logjam attack on Diffie-Hellman.
https://weakdh.org/imperfect-forward-secrecy.pdf
| We provide new estimates for the computational resources necessary
| to compute discrete logarithms in groups of these sizes, concluding
| that 768-bit groups are within range of academic teams, and
| 1024-bit groups may plausibly be within range of state-level
| attackers.
(in German)
http://www.heise.de/newsticker/meldung/Logjam-Attacke-Verschluesselung-von-zehntausenden-Servern-gefaehrdet-2657502.html
openssl-1.0.1m still comes with
default_bits = 1024
in apps/openssl.cnf (in the source tar-archive).
Looks like openssl-1.0.2a has been upgraded to at least 2048.
Did you consider raising openssl-1.0.1m up to 1024 bits too?
Additionally I found some more places with less than 2048 in the
openssl-1.0.1m source tar-archive. But I'm not sure if those values may not be
relevant or just for testing purposes:
./test/P2ss.cnf:10:default_bits = 1024
./test/CAtsa.cnf:54:default_bits= 1024
./test/P1ss.cnf:10:default_bits = 1024
./test/test.cnf:59:default_bits = 1024
./apps/openssl-vms.cnf:106:default_bits = 1024
./apps/openssl.cnf:106:default_bits = 1024
./crypto/conf/ssleay.cnf:15:default_bits= 512
./crypto/conf/ssleay.cnf:19:default_bits= 512
./crypto/conf/ssleay.cnf:51:default_bits= 512
./doc/apps/req.pod:534: default_bits= 1024
./doc/apps/req.pod:575: default_bits= 1024
./doc/ssleay.txt:6935:default_bits = 512 # default number of bits to use.
openssl-1.0.2a.tar.gz looks similar:
./test/P2ss.cnf:10:default_bits = 1024
./test/CAtsa.cnf:54:default_bits= 1024
./test/P1ss.cnf:10:default_bits = 1024
./test/test.cnf:59:default_bits = 1024
./crypto/conf/ssleay.cnf:15:default_bits= 512
./crypto/conf/ssleay.cnf:19:default_bits= 512
./crypto/conf/ssleay.cnf:51:default_bits= 512
./doc/apps/req.pod:534: default_bits= 1024
./doc/apps/req.pod:575: default_bits= 1024
./doc/ssleay.txt:6935:default_bits = 512 # default number of bits to use.
Kind regards,
kolAflash
--
E-Mail: kolafl...@kolahilft.de
PGP key: 0xD83C3408
http://misc.kolahilft.de/pgp/kolAflash_0xD83C3408.asc
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://de.wikipedia.org/wiki/OpenPGP
Chat via Jabber/XMPP: kolafl...@jabber.ccc.de
https://en.wikipedia.org/wiki/XMPP
https://de.wikipedia.org/wiki/XMPP
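
The search in the message above, as an added example that is not part of the original mail or of OpenSSL: a Python scan that reports `default_bits` values below a threshold together with the config section they sit in, skipping commented-out lines. The 2048 threshold, the function names and the sample files are assumptions constructed for the example; only `*.cnf` files are scanned.

```python
import re
import tempfile
from pathlib import Path

MIN_BITS = 2048  # assumed threshold, the value the mail cites for 1.0.2a
SECTION = re.compile(r"^\s*\[\s*([^\]]+?)\s*\]")
SETTING = re.compile(r"^\s*default_bits\s*=\s*(\d+)")

def weak_default_bits(text, min_bits=MIN_BITS):
    """Return (line_no, section, bits) for each default_bits below min_bits."""
    findings, section = [], "default"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments, incl. commented-out settings
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = SETTING.match(line)
        if m and int(m.group(1)) < min_bits:
            findings.append((line_no, section, int(m.group(1))))
    return findings

def scan_tree(root, min_bits=MIN_BITS):
    """Scan *.cnf files under root; return 'path:line:[section] bits' strings."""
    out = []
    for path in sorted(Path(root).rglob("*.cnf")):
        rel = path.relative_to(root).as_posix()
        for n, sec, bits in weak_default_bits(path.read_text(errors="replace"), min_bits):
            out.append(f"{rel}:{n}:[{sec}] {bits}")
    return out

# Constructed sample files (not copied from the OpenSSL tarball).
SAMPLES = {
    "apps/openssl.cnf": "[ req ]\ndefault_bits = 1024\ndefault_md = sha1\n",
    "crypto/conf/ssleay.cnf": "[req]\ndefault_bits= 512 # weak\n[ca]\n#default_bits = 512\n",
    "apps/ok.cnf": "[ req ]\ndefault_bits\t= 2048\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            p = Path(root, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return scan_tree(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```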