yahoo-eng-team team mailing list archive

[Bug 1103130] Re: Generated SSH key length is only 1024 bits

 

** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => grizzly-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1103130

Title:
  Generated SSH key length is only 1024 bits

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  Nova currently generates 1024 bit RSA key pairs when generating SSH
  keys. According to NIST, key lengths shorter than 2048 bits have been
  regarded as deprecated since 2011, and will be disallowed after 2013:

  http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

  Indeed, the ssh-keygen utility in recent versions of both Ubuntu and
  Fedora already generates 2048-bit keys by default.

  Rather than force a particular key length, Nova should defer to the
  distro's default RSA key length in ssh-keygen, since this is more
  likely to be updated in accordance with the latest appropriate
  security advice.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1103130/+subscriptions