From 0d7a7ecc227c6a5f86081b4abb494daa4fdc713e Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Wed, 3 Apr 2019 10:35:22 +0200
Subject: [PATCH] Use modern cryptography for NTP keys

---
 modules/ntp/files/etc-default-ntp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ntp/files/etc-default-ntp b/modules/ntp/files/etc-default-ntp
index 91790cd4f..d5bcb4287 100644
--- a/modules/ntp/files/etc-default-ntp
+++ b/modules/ntp/files/etc-default-ntp
@@ -41,6 +41,6 @@ if ! [ -e "$KEYSDIR/ntpkey_cert_$h" ] ||
 	# on the client this is all we need:
 	if [ -x /usr/sbin/ntp-keygen ] ; then
 		[ -d "$KEYSDIR" ] || install -d -o root -g ntp -m 770 "$KEYSDIR"
-		( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA1 -m 1024 )
+		( cd "$KEYSDIR" && RANDFILE=/dev/urandom /usr/sbin/ntp-keygen -I -H -c RSA-SHA256 -m 2048 )
 	fi
 fi
-- 
2.20.1