
Andrew McGlashan via luv-main <luv-main@luv.asn.au> wrote:
> Oh and I will probably up the number of bits next time I create certs, the default is RSA 2048.

If they start supporting elliptic curve cryptography you'll be able to obtain reputedly stronger encryption at much reduced key lengths. I just installed the client on my KVM instance hosted at Linode and acquired a signed public-key certificate. Note that I have found the haveged package useful; it supplies random numbers to the kernel's pool by exploiting timing variability in the execution of a loop by the CPU. You can also run rngtest to evaluate the quality of the random numbers that your system is generating. A reliable hardware random number generator would of course be desirable, especially for servers.
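
As an added illustration of the rngtest check mentioned above (not part of the original message, and not rngtest's own code): rngtest applies FIPS 140-2 statistical tests to 20,000-bit blocks, and this Python sketch implements three of them (monobit, poker, long run) with the FIPS 140-2 thresholds. The function names and the use of `os.urandom` as the sample source are assumptions made for the example.

```python
import os

BLOCK_BYTES = 2500  # FIPS 140-2 tests operate on 20,000-bit blocks


def monobit(block):
    """Pass if the count of 1 bits lies strictly between 9725 and 10275."""
    ones = sum(bin(b).count("1") for b in block)
    return 9725 < ones < 10275


def poker(block):
    """Chi-square style test over the 5000 4-bit nibbles in the block."""
    counts = [0] * 16
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 2.16 < x < 46.17


def longest_run(block):
    """Length of the longest run of identical bits (zeros or ones)."""
    longest = current = 0
    prev = None
    for bit in "".join(f"{b:08b}" for b in block):
        current = current + 1 if bit == prev else 1
        prev = bit
        longest = max(longest, current)
    return longest


def check_block(block):
    """Run the three tests on one 2500-byte block; True means pass."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 2500 bytes (20,000 bits)")
    return {
        "monobit": monobit(block),
        "poker": poker(block),
        "long_run": longest_run(block) < 26,  # fail on a run of 26 or more
    }


if __name__ == "__main__":
    # Sample source is an assumption: the kernel CSPRNG via os.urandom.
    failed = sum(
        not all(check_block(os.urandom(BLOCK_BYTES)).values()) for _ in range(100)
    )
    print(f"{failed} of 100 blocks failed at least one test")
```

Passing these tests only rules out gross statistical defects; it says nothing about whether the output is unpredictable to an attacker, and an occasional failed block is expected even from a good source.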