Reviewed: https://review.openstack.org/121497 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13 Submitter: Jenkins Branch: master commit 3957d3bed8f2ee2bbb9e54dd67d4f3ab25fc3a13 Author: Qin Zhao <chaochin at gmail.com> Date: Mon Sep 15 18:08:51 2014 +0800 NIST: increase RSA key length to 2048 bit According to NIST 800-131A, RSA key lenght for digital signature must >= 2048 bit. Now we use 1024 bit key to generate x509 cert file. Need to increase the key length to 2048 bit. Change-Id: I59f614b5d8a79f9e0a96503867cfca176be5c757 Closes-Bug: 1369487 ** Changed in: nova Status: In Progress => Fix Committed -- You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1369487 Title: NIST: increase RSA key length to 2048 bit Status in OpenStack Compute (Nova): Fix Committed Status in OpenStack Security Advisories: Won't Fix Bug description: According to NIST 800-131A, RSA key lenght for digital signature must >= 2048 bit. In crypto.py, we use 1024 bit as the default key length to generate cert file, and does not specify any larger number to override the default value when utilizing it. def generate_x509_cert(user_id, project_id, bits=1024): Need to increase the default key length to 2048 bit. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1369487/+subscriptions