> OpenSSL decided to use a “512 bit long modulus”, the default. We’re told: “don’t roll your own crypto; instead trust standard tools like OpenSSL”. The modulus length is a good example of why: a wrong value results in a trivially breakable key, and you the user shouldn’t need to know what the right value is. So OpenSSL chooses a sensible modulus length for you.
Checking the OpenBSD man page for the LibreSSL genrsa, it does seem to generate 2048-bit RSA keys by default[1].
Perhaps Apple just stuck with an older default (for backwards compat) or perhaps this wasn't changed yet in the old version of LibreSSL that Apple uses?
Checking the OpenBSD man page for the LibreSSL genrsa, it does seem to generate 2048-bit RSA keys by default[1].
Perhaps Apple just stuck with an older default (for backwards compat) or perhaps this wasn't changed yet in the old version of LibreSSL that Apple uses?
[1] https://man.openbsd.org/openssl#GENRSA