sisk | 1 year ago

> The private key is much easier to set up than stunnel's TLS certificate, "dd if=/dev/urandom count=4 bs=1k of=key" and you're good to go.

The spiped documentation recommends a key size with a minimum of 256b of entropy. I'm curious why you've chosen such a large key size (4096b) here? Is there anything to suggest 256b is no longer sufficient for the general case?

acatton | 1 year ago

Force of habit. No particular reason, "4kiB feels like a nice number", cargo culting. Choose one :).

It doesn't matter if you have more than 256 bits, as your key file gets hashed with SHA256 at the end[1]. It could be 5GiB and it would be the same. So yes, you're right to mention that more bits don't add more security.

[1] https://github.com/Tarsnap/spiped/blob/2194b2c64de65eed119ab...