[Ach] Fwd: DSA keysize constraints
Aaron Zauner
azet at azet.org
Tue Nov 5 14:30:54 CET 2013
FWD to correct mailing list
Begin forwarded message:
> From: Aaron Zauner <azet at azet.org>
> Subject: DSA keysize constraints
> Date: 5 Nov 2013 14:24:13 GMT+1
> To: discuss at lists.cert.at
>
> Hi,
>
> I’ve opened a thread regarding DSA key sizes in OpenSSH on their development mailing list [0] - to my surprise it’s not as easy as patching the code to support key lengths of 1024+ bits. The Digital Signature Standard (as implemented in OpenSSH) mandates SHA1, which prevents anyone from using key lengths above 1024 bits [1]; there was some discussion on the IETF mailing list about 5 years ago [2], but nothing changed in the end.
>
> The question now is - should we tell users to avoid DSA completely? Should we recommend RSA or even ECDSA host keys?
>
> Input welcome.
>
> Thanks,
> Aaron
>
>
> [0] - http://lists.mindrot.org/pipermail/openssh-unix-dev/2013-November/031764.html
> [1] - https://bugzilla.mindrot.org/show_bug.cgi?id=1647
> [2] - http://thread.gmane.org/gmane.ietf.secsh/6186/focus=6193
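
As an added example (not part of the original message and not OpenSSH code), the following reads `ssh-dss` public-key lines, decodes the RFC 4253 key blob (key-type string followed by the mpints p, q, g, y) and reports the bit lengths of p and q, so existing DSA host or user keys can be inventoried. The function names are hypothetical, and the sample key is constructed from integers of the right size, not real DSA parameters.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4251 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off:off + n], off + n

def _mpint(value):
    """Encode a positive integer as an RFC 4251 mpint (only used to build the sample)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # sign bit stays clear
    return struct.pack(">I", len(raw)) + raw

def dsa_param_bits(pubkey_line):
    """Return (p_bits, q_bits) for an 'ssh-dss <base64> [comment]' line, else None."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        return None
    blob = base64.b64decode(fields[1])
    name, off = _read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match the line prefix")
    p, off = _read_string(blob, off)
    q, off = _read_string(blob, off)
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(q, "big").bit_length()

def audit(lines):
    """List every DSA key found, noting whether q is sized to SHA-1's 160-bit digest."""
    findings = []
    for line in lines:
        bits = dsa_param_bits(line)
        if bits is not None:
            p_bits, q_bits = bits
            findings.append({"p_bits": p_bits, "q_bits": q_bits,
                             "sha1_sized_q": q_bits == 160})
    return findings

# Constructed sample: integers of the right size, NOT valid DSA parameters.
_BLOB = (struct.pack(">I", 7) + b"ssh-dss" + _mpint((1 << 1023) | 1)
         + _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3))
SAMPLE_LINES = [
    "ssh-dss " + base64.b64encode(_BLOB).decode() + " constructed@example",
    "ssh-rsa AAAAB3NzaC1yc2E= constructed@example",  # non-DSA line, skipped
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LINES):
        print(finding)
```
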