From f47269ea67eb4ff87454bf0d2a03e55532786482 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Mon, 25 Mar 2019 15:49:00 +0000
Subject: upstream: Increase the default RSA key size to 3072 bits. Based on

the estimates from NIST Special Publication 800-57, 3k bits provides security
equivalent to 128 bits which is the smallest symmetric cipher we enable by
default. ok markus@ deraadt@

OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
---
 ssh-keygen.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'ssh-keygen.c')

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5d0787728..5d256a159 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.327 2019/02/10 16:35:41 benno Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,8 +67,11 @@
 # define DEFAULT_KEY_TYPE_NAME "ed25519"
 #endif
 
-/* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
-#define DEFAULT_BITS		2048
+/*
+ * Default number of bits in the RSA/DSA key.  This value can be overridden
+ * on the command line.
+ */
+#define DEFAULT_BITS		3072
 #define DEFAULT_BITS_DSA	1024
 #define DEFAULT_BITS_ECDSA	256
 
-- 
cgit v1.2.3