wallix/PEPS

DigitalOcean Tutorial

MumuSec opened this issue · 3 comments

In your tutorial on DigitalOcean you feature an "Example OpenSSL Key generation".

openssl genrsa -des3 -out server.key 1024

It's not only a really bad idea to generate a 1024-bit TLS key, but it is negligence to write it in a c&p tutorial.

It would be cool if you could fix this and give an example with a more secure key length.

-MuhPirat

hbbio commented

Sorry for not answering sooner. You're right in that 2048 bit keys are necessary, but most valuable cert providers (including LetsEncrypt) will not allow 1024 bit keys. Some people also told us that generating self-signed keys is a bad idea for a tutorial, but as you can understand our goal is to jump asap to Peps itself.

Hey, no problem. Thanks for your response.

Yes, I can understand that you want to jump to Peps itself. But 1024-bit keys are really never a good idea. Not for production, testing or co. As soon as some login information or co. is transmitted, it should have at least 2048 bits, and even this will be broken in the next 6 years.

So have a great weekend!

//MuhPirat
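The key-length floor discussed in this thread can be enforced mechanically. The following is an added example, not part of the issue or of the PEPS project: a Python audit that reads the RSA modulus size from an unencrypted PEM private key (PKCS#1 or PKCS#8) and compares it with 2048 bits. All function names and the constructed sample key skeleton are assumptions made for the example; a key written with `-des3`, as in the quoted command, is passphrase-protected and has to be decrypted before it can be read this way.

```python
import base64, re

MIN_RSA_BITS = 2048                                  # floor named in the thread
RSA_OID = bytes.fromhex("06092a864886f70d010101")    # rsaEncryption OID, DER-encoded

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem_text):
    """Modulus size in bits of an unencrypted PEM RSA private key."""
    if "Proc-Type: 4,ENCRYPTED" in pem_text or "BEGIN ENCRYPTED" in pem_text:
        raise ValueError("key is passphrase-protected; decrypt a copy before auditing")
    m = re.search(r"-----BEGIN (RSA )?PRIVATE KEY-----(.+?)-----END", pem_text, re.S)
    if not m:
        raise ValueError("no private key block found")
    _, seq, _ = read_tlv(base64.b64decode(m.group(2)), 0)   # outer SEQUENCE
    _, _, pos = read_tlv(seq, 0)                            # version INTEGER
    tag, value, pos = read_tlv(seq, pos)
    if tag == 0x30:                        # PKCS#8: AlgorithmIdentifier, then wrapped key
        if not value.startswith(RSA_OID):
            raise ValueError("not an RSA key")
        _, wrapped, _ = read_tlv(seq, pos)                  # OCTET STRING with PKCS#1 key
        _, seq, _ = read_tlv(wrapped, 0)
        _, _, pos = read_tlv(seq, 0)
        tag, value, _ = read_tlv(seq, pos)
    if tag != 0x02:
        raise ValueError("unexpected structure: modulus INTEGER not found")
    return int.from_bytes(value, "big").bit_length()

def is_acceptable(pem_text):
    return rsa_modulus_bits(pem_text) >= MIN_RSA_BITS

def der(tag, value):
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def constructed_key_pem(bits):
    """CONSTRUCTED sample: PKCS#1 skeleton (version, modulus, e), not a usable key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    body = der(2, b"\x00") + der(2, modulus) + der(2, b"\x01\x00\x01")
    b64 = base64.encodebytes(der(0x30, body)).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n" + b64 + "-----END RSA PRIVATE KEY-----\n"
```

Calling `is_acceptable(open("server.key").read())` in a deployment check fails a 1024-bit key before it reaches a server.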