Project

General

Profile

Feature #1098

Changing default key size for DH Params to 2048 bit

Added by jtpreston about 6 years ago. Updated about 6 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Apps
Target version:
Start date:
09/02/2013
Due date:
% Done:

0%


Description

I would suggest as a matter of security that a default install of OpenVPN through Amahi generate 2048 bit Diffie-Hellmann parameters instead of 1024 bit parameters. I say this because the NSA has said 1024 bit would only be good through 2010 whereas 2048 bit would be good until 2030. 2048 bit is much more secure and not much slower than 1024 bit. If this were implemented, hopefully some sort of patch option would be available to users who currently use 1024 bit who don't want to possibly mess up their VPN by regenerating all of their certificates. One idea for this would be to integrate a certificate generating authority directly into the http://hda/ page and users could fill out in the appropriate fields and it would generate/regenerate their keys rather than using the command line and downloading easy-rsa from github.

Thanks,

Tyler

History

#1 Updated by bigfoot65 about 6 years ago

  • Tracker changed from Bug to Feature
  • Project changed from platform to apps
  • Category set to Apps
  • Assignee deleted (jtpreston)
  • Priority changed from Medium to Normal
  • Target version set to amahi-7-1

Also available in: Atom