upstream: Increase the default RSA key size to 3072 bits. Based on

the estimates from NIST Special Publication 800-57, 3k bits provides security
equivalent to 128 bits which is the smallest symmetric cipher we enable by
default. ok markus@ deraadt@

OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5d0787728dff3acec15423d4e189080e5c4161da..5d256a159bcce112d2868cff6f3cb3cc6b612e0f 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.327 2019/02/10 16:35:41 benno Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.328 2019/03/25 15:49:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,8 +67,11 @@
 # define DEFAULT_KEY_TYPE_NAME "ed25519"
 #endif
 
-/* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
-#define DEFAULT_BITS           2048
+/*
+ * Default number of bits in the RSA/DSA key.  This value can be overridden
+ * on the command line.
+ */
+#define DEFAULT_BITS           3072
 #define DEFAULT_BITS_DSA       1024
 #define DEFAULT_BITS_ECDSA     256