wallix / PEPS

Innovative Open source Email + File sharing
GNU Affero General Public License v3.0

DigitalOcean Tutorial #52

Closed MumuSec closed 8 years ago

MumuSec commented 8 years ago

In your tutorial on DigitalOcean you feature an "Example OpenSSL Key generation".

openssl genrsa -des3 -out server.key 1024

It's not only a really bad idea to generate a 1024-bit TLS key, but it is negligence to write it in a c&p tutorial.

It would be cool if you could fix this and give an example with a more secure key length.

-MuhPirat

MumuSec commented 8 years ago

@hbbio

hbbio commented 8 years ago

Sorry for not answering sooner. You're right in that 2048 bit keys are necessary, but most valuable cert providers (including LetsEncrypt) will not allow 1024 bit keys. Some people also told us that generating self-signed keys is a bad idea for a tutorial, but as you can understand our goal is to jump asap to Peps itself.

MumuSec commented 8 years ago

Hey, no problem. Thanks for your response.

Yes, I can understand that you want to jump to Peps itself. But 1024-bit keys are really never a good idea. Not for production, testing or co. As soon as some login information or co. is transmitted, it should have at least 2048 bits, and even this will be broken in the next 6 years.

So have a great weekend!

//MuhPirat
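
Added example, not part of the original thread or of the PEPS tutorial: a small shell helper that generates an RSA key at 2048 bits or more and refuses to accept a key file below that size, which is the check this issue asks the tutorial to pass. The function names and the `MIN_RSA_BITS` variable are assumptions of this sketch; only the `openssl genrsa` and `openssl rsa` commands are real.

```shell
#!/bin/sh
# Added example: enforce a minimum RSA key size before a key is used for TLS.
# MIN_RSA_BITS and all function names are hypothetical, chosen for this sketch.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"

# Print the modulus size in bits of an unencrypted PEM RSA private key.
# A passphrase-protected key (such as one made with -des3) yields no output
# instead of prompting, because an empty passphrase is supplied.
rsa_key_bits() {
    openssl rsa -in "$1" -noout -text -passin pass: 2>/dev/null </dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 if the key meets the minimum, 1 if it is too small,
# 2 if it is missing, encrypted or not an RSA key.
check_key_strength() {
    bits=$(rsa_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "UNREADABLE $1"
        return 2
    fi
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "WEAK $1 (${bits}-bit RSA, minimum ${MIN_RSA_BITS})"
        return 1
    fi
    echo "OK $1 (${bits}-bit RSA)"
}

# Generate a key of the requested size; requests below the minimum are refused.
# The umask keeps the private key readable by its owner only.
generate_key() {
    out=$1
    bits=${2:-$MIN_RSA_BITS}
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "refusing to generate a ${bits}-bit key" >&2
        return 1
    fi
    (umask 077 && openssl genrsa -out "$out" "$bits" 2>/dev/null)
}

# When key files are named on the command line, audit each of them.
for f in "$@"; do
    check_key_strength "$f" || true
done
```

Run with one or more key paths as arguments to audit existing files, for example the `server.key` produced by the tutorial command quoted above.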