
Bumping default dh key lengths

Bob Mottram před 9 roky
rodič
revize
b994a9c66c

+ 2
- 2
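--- a/doc/EN/beaglebone.txt
+++ b/doc/EN/beaglebone.txt
@@ -1650,7 +1650,7 @@ openssl req \
   -keyout /etc/ssl/private/$HOSTNAME.key \
   -out /etc/ssl/certs/$HOSTNAME.crt
 
-openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
+openssl dhparam -check -text -5 2048 -out /etc/ssl/certs/$HOSTNAME.dhparam
 
 chmod 400 /etc/ssl/private/$HOSTNAME.key
 chmod 640 /etc/ssl/certs/$HOSTNAME.crt
@@ -7362,7 +7362,7 @@ PATH='/usr/local/sbin:/usr/local/bin:/usr/bin:/sbin:/usr/sbin:/bin'
 
 initialrepair_start() {
 echo "Starting $SERVICE..."
-su --command "screen -h 1024 -dmS ${SERVICE} ${INVOCATION}" root
+su --command "screen -h 2048 -dmS ${SERVICE} ${INVOCATION}" root
 }
 
 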
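Review bot: The `screen -h 2048` change in the second hunk has nothing to do with Diffie-Hellman — screen's `-h` option is the scrollback history size in lines, so this looks like a collateral hit from replacing every `1024` in the file while bumping the DH parameter size. Either revert that line to `su --command "screen -h 1024 -dmS ${SERVICE} ${INVOCATION}" root` or, if a larger scrollback is actually wanted, commit it separately with a message that says so; as written the commit message misdescribes the change. The `initialrepair_start` function is shown in full; the `openssl req` command in the first hunk starts above it.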

+ 1
- 1
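--- a/src/freedombone
+++ b/src/freedombone
@@ -417,7 +417,7 @@ ZERONET_DEFAULT_FORUM_TAGLINE="A decentralized discussion group"
 IPFS_PORT=4001
 
 # Default diffie-hellman key length in bits
-DH_KEYLENGTH=1024
+DH_KEYLENGTH=2048
 
 # repo for atheros AR9271 wifi driver
 ATHEROS_WIFI_REPO='https://github.com/qca/open-ath9k-htc-firmware.git'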
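Review bot: The default is now a bare literal that has to be kept in step by hand — this same `DH_KEYLENGTH=2048` line is repeated in `freedombone-addcert` and `freedombone-sec` in this commit, and `freedombone-config` still hard-codes `1024` for the BeagleBone case, so the next bump can silently miss one script. At minimum the comment should say so: `# Default diffie-hellman key length in bits (keep in sync with the same default in freedombone-addcert and freedombone-sec; freedombone-config lowers it to 1024 on the BeagleBone)`. Longer term, one sourced definition would remove the duplication.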

+ 1
- 1
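--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -36,7 +36,7 @@ ORGANISATION="Freedombone"
 UNIT="Freedombone Unit"
 EXTENSIONS=""
 NODH=
-DH_KEYLENGTH=1024
+DH_KEYLENGTH=2048
 
 function show_help {
     echo ''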

+ 3
- 1
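--- a/src/freedombone-config
+++ b/src/freedombone-config
@@ -695,7 +695,9 @@ function interactive_configuration {
     if [[ $INSTALLING_ON_BBB == "yes" ]]; then
         USB_DRIVE=/dev/sda1
         # here a short diffie-hellman key length is used, because otherwise creation of keys
-        # becomes impractically long on the beaglebone.
+        # becomes impractically long on the beaglebone. It is known (as of 2015) that
+        # 1024bit DH may be breakable, so this is really a tradeoff between security and the
+        # available hardware
         DH_KEYLENGTH=1024
     fi
     save_configuration_file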
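Review bot: The new comment records that 1024-bit DH is a security tradeoff but gives the operator nothing to act on, and the user sees no warning at runtime when the smaller group is silently chosen for them. The comment should name the remedy that already exists in this codebase — `freedombone-sec` has a `regenerate_dh_keys` dialog offering 2048 and 3072 bits — e.g. `# 1024-bit DH is kept on the BeagleBone only because generating a 2048-bit group is impractically slow there; 1024-bit DH is believed breakable by well-resourced attackers (2015 results), so regenerate a larger group later via freedombone-sec if at all possible.` I would also print that advice next to the assignment, `echo "WARNING: using 1024-bit Diffie-Hellman parameters on the BeagleBone; regenerate larger ones with freedombone-sec when possible"`, so the tradeoff is visible at install time and not only in the source. The enclosing `interactive_configuration` function starts and ends outside the hunk.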

+ 2
- 2
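--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -53,7 +53,7 @@ CURRENT_DIR=$(pwd)
 REGENERATE_SSH_HOST_KEYS="no"
 REGENERATE_DH_KEYS="no"
 RESET_TRIPWIRE="no"
-DH_KEYLENGTH=1024
+DH_KEYLENGTH=2048
 
 function get_protocols_from_website {
   if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
@@ -347,7 +347,7 @@ function regenerate_dh_keys {
       dialog --backtitle "Freedombone Security Configuration" \
             --title "Diffie-Hellman key length" \
             --radiolist "The smaller length is better suited to low power embedded systems:" 12 40 3 \
-             1 "1024 bits (WARNING: this may be insecure)" off \
+             1 "1024 bits (WARNING: this may be insecure)" off \
             2 "2048 bits" on \
             3 "3072 bits" off 2> $data
      sel=$?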
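Review bot: The new item label `1024 bits (WARNING: this may be insecure)` is 41 characters, but the radiolist in the second hunk is sized `12 40 3` (height 12, width 40), so once the tag, radio button and borders are added the warning will almost certainly be clipped or wrapped out of view — the one part of the label that was meant to be read. Widen the box to fit, e.g. `--radiolist "The smaller length is better suited to low power embedded systems:" 12 70 3 \`, and check the rendering in an 80-column terminal. The prompt text itself still tells the user the smaller length "is better suited" to embedded systems, which pulls against the warning added on the next line; wording it as a tradeoff ("1024 bits is faster to generate on low power hardware but is no longer considered secure") would make the recommendation consistent. `regenerate_dh_keys` continues outside the hunk.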