diff --git a/ChangeLog b/ChangeLog
index 276467e502929884e989f72f5cf724823db4edf9..b66a58906eb40900403df04fa111fcdbf155aac1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,8 @@ version 0.9.9 -- UNRELEASED
 	dup:
 	 . Fix separate signing key usecase. Thanks to Ian Beckwith for
 	   the patch.
+	rdiff:
+	 . Generate 4096 bits RSA keys.
 
 version 0.9.8.1 -- October 31, 2010 (boo!)
     backupninja changes
diff --git a/handlers/rdiff.helper.in b/handlers/rdiff.helper.in
index b5bb8bba35deca7cd06879a16433b9f7e778e628..039799e558c17355db861a39620e2c384fbc6476 100644
--- a/handlers/rdiff.helper.in
+++ b/handlers/rdiff.helper.in
@@ -168,7 +168,7 @@ do_rdiff_ssh_con() {
 
    if [ ! -f /root/.ssh/id_dsa.pub -a ! -f /root/.ssh/id_rsa.pub ]; then
       echo "Creating local root's ssh key"
-      ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
+      ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
       echo "Done. hit return to continue"
       read
    fi
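Review bot: The guard on the context line, `if [ ! -f /root/.ssh/id_dsa.pub -a ! -f /root/.ssh/id_rsa.pub ]`, still skips generation whenever a legacy `id_dsa.pub` exists, so hosts that already ran this helper keep their DSA key and never get the 4096-bit RSA key this change introduces. If the intent is to move off DSA, test only for the RSA key, e.g. `if [ ! -f /root/.ssh/id_rsa.pub ]; then`. The code in do_rdiff_ssh_con that installs the public key on the remote would presumably need the same preference, but the function starts and ends outside this hunk. Separately, the `ssh-keygen` exit status is unchecked, so "Done" is printed even if generation fails. A comment above the call such as `# empty passphrase: key is used by unattended root backups` would also record why `-N ""` is deliberate.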