Andrew McGlashan via luv-main <[email protected]> wrote: > Oh and I will probably up the number of bits next time I create certs, > the default is RSA 2048.
If they start supporting elliptic curve cryptography you'll be able to obtain reputedly stronger encryption at much reduced key lengths. I just installed the client on my KVM instance hosted at Linode and acquired a signed public-key certificate. Note that I have found the haveged package useful; it supplies random numbers to the kernel's pool by exploiting timing variability in the execution of a loop by the CPU. You can also run rngtest to evaluate the quality of the random numbers that your system is generating. A reliable hardware random number generator would of course be desirable, especially for servers. _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
