X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=cmdgen.c;h=265e5adc1ac9e450927100a6da5a7a2bce7333d5;hb=145ecf611238c4f1e39d89d3eee40319a2c54fe8;hp=94ce49eaaebc190c37add9b6050fdc9ba1fe1d42;hpb=7f3c956ed1144d601ab2e237ab7325a4fffb3167;p=PuTTY.git

diff --git a/cmdgen.c b/cmdgen.c
index 94ce49ea..265e5adc 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -223,6 +223,8 @@ static char *readpassphrase(const char *filename)
     return line;
 }
 
+#define DEFAULT_RSADSA_BITS 2048
+
 int main(int argc, char **argv)
 {
     char *infile = NULL;
@@ -500,7 +502,7 @@ int main(int argc, char **argv)
             bits = 256;
             break;
           default:
-            bits = 2048;
+            bits = DEFAULT_RSADSA_BITS;
             break;
         }
     }
@@ -520,6 +522,11 @@ int main(int argc, char **argv)
             fprintf(stderr, "puttygen: cannot generate %s keys shorter than"
                     " 256 bits\n", (keytype == DSA ? "DSA" : "RSA"));
             errs = TRUE;
+        } else if (bits < DEFAULT_RSADSA_BITS) {
+            fprintf(stderr, "puttygen: warning: %s keys shorter than"
+                    " %d bits are probably not secure\n",
+                    (keytype == DSA ? "DSA" : "RSA"), DEFAULT_RSADSA_BITS);
+            /* but this is just a warning, so proceed anyway */
         }
     }