Changing default key size for DH Params to 2048 bit

jtpreston
Posts: 5
Joined: Sat Aug 24, 2013 12:25 pm

Postby jtpreston » Sun Sep 01, 2013 9:50 pm

I would suggest as a matter of security that a default install of OpenVPN through Amahi generate 2048 bit Diffie-Hellman parameters instead of 1024 bit parameters. I say this because the NSA has said 1024 bit would only be good through 2010 whereas 2048 bit would be good until 2030. 2048 bit is much more secure and not much slower than 1024 bit. If this were implemented, hopefully some sort of patch option would be available to users who currently use 1024 bit who don't want to possibly mess up their VPN by regenerating all of their certificates. One idea for this would be to integrate a certificate generating authority directly into the http://hda/ page and users could fill out the appropriate fields and it would generate/regenerate their keys rather than using the command line and downloading easy-rsa from github.

Thanks,

Tyler

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Changing default key size for DH Params to 2048 bit

Postby bigfoot65 » Mon Sep 02, 2013 7:17 am

Please suggest this as a feature in our bug tracker.
https://bugs.amahi.org
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
