reduce minimum crypto key size to 1024bit

Since the key is used for AES/3DES and HMAC operations only, this is
safe. AES/3DES use keys in the 128- to 256-bit range, HMAC with
MD5/SHA1/SHA2 should use keys with a minimum of 128- to 512-bit (in both
cases, depending on the actual algorithm used).

This reduction also keeps knet compatible with existing Corosync 2.x
keyfiles, which are 1024-bit.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/libknet/libknet.h b/libknet/libknet.h
index 36fefa5fbe66ff4c0bb4f4599df0570095195804..0331b1f8f75d37e8b45dd3b52d234cf67d198fa4 100644 (file)
--- a/libknet/libknet.h
+++ b/libknet/libknet.h
@@ -587,8 +587,7 @@ int knet_handle_pmtud_get(knet_handle_t knet_h,
                                unsigned int *data_mtu);
 
 
-
-#define KNET_MIN_KEY_LEN  256
+#define KNET_MIN_KEY_LEN  128
 #define KNET_MAX_KEY_LEN 4096
 
 struct knet_handle_crypto_cfg {