| commit | d739a920c91b8fbc9ce39e11e84e76d54dc5531e | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Tue, 29 Jan 2019 06:35:25 +0000 (28 23:35 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Tue, 29 Jan 2019 06:35:25 +0000 (28 23:35 -0700) | ||
| tree | 1310283133d52c03ad4ab6f145f77674e618bb81 | treesnapshot (tar.gz zip) |
| parent | d072721712354878508c945a1087aef2e6b30285 | commitdiff |
User.pm: kindly suggest too large keys are unfriendly
There's no compelling reason to allow keys larger than 16384 bits
in length. In fact, an RSA key of 15360 bits in length provides
an equivalent security strength of 256 bits; perhaps that should
be the maximum, but some software does round up and allow 16384 bits
so we'll go ahead and allow up to that long.
The handshake for very long keys imposes a computational burden on
the server so it behooves us to put a maximum in place to avoid
any unfortunate DOS attacks with regard to that.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
There's no compelling reason to allow keys larger than 16384 bits
in length. In fact, an RSA key of 15360 bits in length provides
an equivalent security strength of 256 bits; perhaps that should
be the maximum, but some software does round up and allow 16384 bits
so we'll go ahead and allow up to that long.
The handshake for very long keys imposes a computational burden on
the server so it behooves us to put a maximum in place to avoid
any unfortunate DOS attacks with regard to that.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| Girocco/User.pm | diffblobblamehistory |