Bug 1039311

Summary: dropbearkey should create at least 3072 bit RSA keys
Product: [Fedora] Fedora Reporter: Till Maas <opensource>
Component: dropbearAssignee: Christopher Meng <i>
Status: MODIFIED --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: high    
Version: rawhideCC: buytenh, i, itamar, opensource
Target Milestone: ---Keywords: FutureFeature, Tracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Till Maas 2013-12-07 20:55:35 UTC 
Description of problem:
The European Union Agency for Network and Information Security recommends to use at least RSA 3072: http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report

dropbearkey in F19 and EPEL6 creates RSA 1024 keys by default.


Version-Release number of selected component (if applicable):
dropbear-2013.59-1.fc19
dropbear-2013.59-1.el6

How reproducible:
always

Steps to Reproduce:
1.dropbearkey -t rsa -f dropbear_rsa_host_key

Actual results:
Will output 1024 bit rsa secret key to 'dropbear_rsa_host_key'

Expected results:
Should be 3072 bit

Additional info:
Please fix this both in EPEL and Fedora
Comment 1 Christopher Meng 2013-12-11 06:59:52 UTC 
1. I've already came up with a idea that generating keys in %post section.

It's controllable for the key length but I'm not sure if users will accept this change.

2. I think this should be fixed in upstream but not here.

3. What about the states in the US?
Comment 2 Till Maas 2013-12-21 08:35:24 UTC 
(In reply to Christopher Meng from comment #1)
> 1. I've already came up with a idea that generating keys in %post section.

Creating keys during %post might lead to problems because of missing entropy. 

> 2. I think this should be fixed in upstream but not here.

Regardless of whether upstream thinks this is a good idea, it should be changed in Fedora. However, it is a good idea to forward this information to them.
For example it does not make sense to use different default key sizes in dropbear-keygen and ssh-keygen.

> 3. What about the states in the US?

The NIST allows RSA 2048 keys:
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf

Therefore RSA 3072 keys would be allowed by the NIST as well. However, since several packages seem to be affected, I am going to get a packaging guideline for this.
Comment 3 Christopher Meng 2013-12-22 00:59:26 UTC 
I've seen your post at security list, I will follow up.
Comment 4 Fedora Update System 2018-04-06 15:47:02 UTC 
dropbear-2018.76-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-ff2964dadb