Changing default key size for DH Params to 2048 bit

Posted: Sun Sep 01, 2013 9:50 pm
by jtpreston
I would suggest as a matter of security that a default install of OpenVPN through Amahi generate 2048-bit Diffie-Hellman parameters instead of 1024-bit parameters. I say this because the NSA has said 1024 bit would only be good through 2010 whereas 2048 bit would be good until 2030. 2048 bit is much more secure and not much slower than 1024 bit. If this were implemented, hopefully some sort of patch option would be available to users who currently use 1024 bit who don't want to possibly mess up their VPN by regenerating all of their certificates. One idea for this would be to integrate a certificate generating authority directly into the http://hda/ page, and users could fill out the appropriate fields and it would generate/regenerate their keys rather than using the command line and downloading easy-rsa from GitHub.

Thanks,

Tyler

Re: Changing default key size for DH Params to 2048 bit

Posted: Mon Sep 02, 2013 7:17 am
by bigfoot65
Please suggest this as a feature in our bug tracker.
https://bugs.amahi.org