[Tickets #12099] Re: create gpg keys for the 21th century
noreply at bugs.horde.org
noreply at bugs.horde.org
Mon Mar 18 05:54:34 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/12099
------------------------------------------------------------------------------
Ticket | 12099
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | create gpg keys for the 21th century
Queue | Horde Base
Version | Git master
Type | Bug
-State | Unconfirmed
+State | Feedback
Priority | 2. Medium
Milestone |
Patch | 1
-Owners |
+Owners | Michael Slusarz
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2013-03-17 23:54) wrote:
Imported 3 of 4 patches. However, I have serious concerns about this patch:
make default pgp keylength 2048
The issue is not security but performance -- generating sufficient
random bits via a web request can take ages (minutes) on certain
systems. These kind of requests can block PHP and cause DoS problems
if a user keeps reloading the page because the request is taking too
long.
I would rather see admin documentation regarding allowing key
generation (and the server issues this may cause). Maybe a config
option disabling and/or allowing the admin to decide the appropriate
default value.
More information about the bugs
mailing list