4 files changed, 12 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index b439cbecd..728026a62 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,10 @@
     [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion 
     and add expansion to ControlPath; ok markus@
+   - djm@cvs.openbsd.org 2005/06/08 03:50:00
+     [ssh-keygen.1 ssh-keygen.c sshd.8]
+     increase default rsa/dsa key length from 1024 to 2048 bits;
+     ok markus@ deraadt@
 20050609
 - (dtucker) [cipher.c openbsd-compat/Makefile.in
@@ -2702,4 +2706,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3817 2005/06/16 03:18:34 djm Exp $
+$Id: ChangeLog,v 1.3818 2005/06/16 03:19:06 djm Exp $
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index ac0b72764..5454d00ce 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.68 2005/04/21 06:17:50 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
 Minimum is 512 bits.
-Generally, 1024 bits is considered sufficient.
+Generally, 2048 bits is considered sufficient.
-The default is 1024 bits.
+The default is 2048 bits.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 246c7d50f..828d2be79 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.127 2005/06/08 03:50:00 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $");
 #include "dns.h"
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
-u_int32_t bits = 1024;
+u_int32_t bits = 2048;
 /*
 * Flag indicating that we just want to change the passphrase.  This can be
diff --git a/sshd.8 b/sshd.8
index 6acdda130..fdff4ac91 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.207 2005/04/21 06:17:50 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously.
 works as follows:
 .Ss SSH protocol version 1
 Each host has a host-specific RSA key
-(normally 1024 bits) used to identify the host.
+(normally 2048 bits) used to identify the host.
 Additionally, when
 the daemon starts, it generates a server RSA key (normally 768 bits).
 This key is normally regenerated every hour if it has been used, and