RSA default key size of 2048 bits too large for low-spec systems
Brent Roman
brent at mbari.org
Sat Jun 24 09:31:16 AWST 2017
I recently upgraded some low power ARM9 systems from dropbear v0.52 to
v2017.75.
Everything went well until a system tried to generate server keys
on first boot.
Then it hung while working to generate the default 2048 bit RSA key.
Further investigation determined that it had not really hung.
Given many tens of minutes, it would complete the initial boot.
Why did we decide to change the default to 2048 bit keys given the cost
of generating these on the embedded systems for which it is intended to run?
The #define for setting the default key size is currently in a .c file.
Could this be moved to the options.h file with a comment recommending
reducing the default size when targeting slow systems?
Note, I do realize that there is a -s option for dropbearkey, but the
appropriate values for that option are dependent on the key algorithm
selected. I believe the defaults should always be usable.
Dropbear is a great piece of Open Source software.
I hope you'll consider this small change.
- brent