Comment 5 for bug 1455990
Revision history for this message
| Scott Kitterman (kitterman) wrote Re: [Bug 1455990] Re: quassel-core generates an insecure certificate upon installation | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
On Monday, May 18, 2015 09:14:12 PM you wrote:
> While having a 4096-bit certificate is not necessary in order to be
> secure, its only disadvantages are taking longer to generate (which I
> don't think is much of an issue because it doesn't get regenerated very
> often) and taking slightly longer for the handshake (which is
> practically negligible on modern computers).
>
> Yes, saving the md5 of the accepted certs is a bad idea. I will fix
> that.
People run quassel cores on very minimal systems and so I don't think you can
say it's necessarily negligible. If the work someone is doing is so sensitive
that a 2048 bit key is not sufficient, then it probably shouldn't be on IRC.
2048 bit keys are sufficient that there's usually easier ways to get the
information [1]. Let's not go overboard.
[1] https:/