Use modern cryptography for NTP keys

author Aurelien Jarno <aurelien@aurel32.net>

Wed, 3 Apr 2019 08:35:22 +0000 (10:35 +0200)

committer Aurelien Jarno <aurelien@aurel32.net>

Wed, 3 Apr 2019 08:35:22 +0000 (10:35 +0200)
author Aurelien Jarno <aurelien@aurel32.net>
Wed, 3 Apr 2019 08:35:22 +0000 (10:35 +0200)
committer Aurelien Jarno <aurelien@aurel32.net>
Wed, 3 Apr 2019 08:35:22 +0000 (10:35 +0200)
diff --git a/modules/ntp/files/etc-default-ntp b/modules/ntp/files/etc-default-ntp

index 91790cd..d5bcb42 100644 (file)
--- a/modules/ntp/files/etc-default-ntp
+++ b/modules/ntp/files/etc-default-ntp
@@ -41,6 +41,6 @@ if ! [ -e "$KEYSDIR/ntpkey_cert_$h" ] ||
         # on the client this is all we need:
         if [ -x /usr/sbin/ntp-keygen ] ; then
                 [ -d "$KEYSDIR" ] || install -d -o root -g ntp -m 770 "$KEYSDIR"
-               ( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA1 -m 1024 )
+               ( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA256 -m 2048 )
         fi
  fi
author	Aurelien Jarno <aurelien@aurel32.net>
	Wed, 3 Apr 2019 08:35:22 +0000 (10:35 +0200)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Wed, 3 Apr 2019 08:35:22 +0000 (10:35 +0200)