Hello,
To strengthen Mbed TLS against accidental misuse, we're going to enforce a minimum size for RSA key generation. Currently the minimum is 128 bits, just to avoid some edge cases in the implementation. So for example, if you want a 2048-bit key but accidentally pass a number of bytes, the library will happily generate a 256-bit key. We want to prevent this scenario.
What should the minimum be? If we make the minimum 2048 bits, will this be a problem? We will not make the minimum any higher. But we're considering enforcing only a minimum 1024 bits, which is over the record from public breaks and largely resolves the risk of bits/bytes confusion.
Should we also enforce a minimum (perhaps lower) in the 2.28 long-time support branch?
If you're using Mbed TLS to generate small RSA keys, please let us know on the mailing list, on GitHub at https://github.com/Mbed-TLS/mbedtls/issues/7556, or by private email.
Best regards,