From 4e648f76930af8c376a833677d940b2b0efc3c86 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Wed, 3 Apr 2019 14:28:50 +0200 Subject: [PATCH] reduce minimum crypto key size to 1024bit MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Since the key is used for AES/3DES and HMAC operations only, this is safe. AES/3DES use keys in the 128- to 256-bit range, HMAC with MD5/SHA1/SHA2 should use keys with a minimum of 128- to 512-bit (in both cases, depending on the actual algorithm used). This reduction also keeps knet compatible with existing Corosync 2.x keyfiles, which are 1024-bit. Signed-off-by: Fabian Grünbichler --- libknet/libknet.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libknet/libknet.h b/libknet/libknet.h index 36fefa5..0331b1f 100644 --- a/libknet/libknet.h +++ b/libknet/libknet.h @@ -587,8 +587,7 @@ int knet_handle_pmtud_get(knet_handle_t knet_h, unsigned int *data_mtu); - -#define KNET_MIN_KEY_LEN 256 +#define KNET_MIN_KEY_LEN 128 #define KNET_MAX_KEY_LEN 4096 struct knet_handle_crypto_cfg { -- 2.39.5
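Review bot: The new `#define KNET_MIN_KEY_LEN 128` carries no unit, while the commit message speaks of 1024 bits, so a reader of libknet.h cannot tell from the header that the constant counts bytes or why 128 is the floor. I would add a comment above the two defines, for example `/* Key length limits in bytes; 128 bytes = 1024 bits, the Corosync 2.x keyfile size. The key is used for AES/3DES and HMAC only. */`. The safety argument in the commit message also presumes the key is uniformly random material, which a length check alone does not establish; it would help to state that assumption in the documentation of the crypto configuration call that accepts the key. The `struct knet_handle_crypto_cfg` definition that follows the defines continues outside the hunk.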