bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-05 23:22 UTC
[Bug 1647] New: Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
Summary: Implement FIPS 186-3 for DSA keys
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh-keygen
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: facorread at gmail.com
--- Comment #0 from Fabio A. Correa <facorread at gmail.com> 2009-09-05 18:22:37 COT ---
Hello friends, keep up the great work with SSH.
The DSA has been expanded, allowing longer DSA keys. It would be great
to have this implemented in SSH for better security.
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Signature_Algorithm
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-06 04:30 UTC
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
Darren Tucker <dtucker at zip.com.au> changed:
What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-09-06 14:30:47 EST ---
It's not as simple as just increasing the allowable key size.
Look in FIPS-186-3 section 4.2 where it mandates the hash lengths for
the various DSA key sizes:
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
Now look at RFC4253 section 6.6 where it defines the ssh-dss
authentication type as:
"Digital Signature Standard [FIPS-186-2] using the SHA-1 hash"
SHA-1 is 160 bits and is mandated by RFC 4253, thus the only way to be
compliant with both it and FIPS-186-{2,3} is to allow only 1024 bit
keys (which is what ssh-keygen does right now).
There was some discussion about this on the IETF working group about
defining a new authentication method
(http://thread.gmane.org/gmane.ietf.secsh/6186/focus=6193) but AFAIK it
never went anywhere.
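
The size constraint described in comment #1 can be checked on an existing key. The following is an added example, not part of the bug thread or of OpenSSH: it parses a decoded ssh-dss public key blob (the base64 field of a public key line, in the RFC 4253 wire format) and reports whether its (L, N) pair is in the FIPS 186-3 list and also matches the 160-bit SHA-1 output. The function names and the sample blobs are assumptions made for illustration; the sample integers are constructed to have the right bit lengths and are not real DSA parameters.

```python
import struct

# (L, N) pairs from FIPS 186-3 section 4.2, as listed in comment #1.
FIPS_186_3_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}
SHA1_BITS = 160  # ssh-dss is defined with SHA-1 (RFC 4253 section 6.6)

def read_string(blob, off):
    """Read one RFC 4251 string: uint32 length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_ssh_dss_blob(blob):
    """Return (L, N, fips_ok, both_ok) for a decoded ssh-dss public key blob."""
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-dss":
        raise ValueError("not an ssh-dss key")
    values = []
    for _ in range(4):  # p, q, g, y, each an mpint (two's complement, big-endian)
        raw, off = read_string(blob, off)
        values.append(int.from_bytes(raw, "big", signed=True))
    if off != len(blob) or min(values) <= 0:
        raise ValueError("malformed key blob")
    L, N = values[0].bit_length(), values[1].bit_length()
    fips_ok = (L, N) in FIPS_186_3_PAIRS
    # Compliant with both documents only if N also matches the SHA-1 output size.
    return L, N, fips_ok, fips_ok and N == SHA1_BITS

def mpint(v):
    """Encode a positive integer as an mpint (extra zero byte if top bit is set)."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_blob(L, N):
    """Constructed input: integers of the right bit length, not real DSA parameters."""
    p, q = (1 << (L - 1)) | 1, (1 << (N - 1)) | 1
    return struct.pack(">I", 7) + b"ssh-dss" + mpint(p) + mpint(q) + mpint(2) + mpint(3)

if __name__ == "__main__":
    for L, N in [(1024, 160), (2048, 256), (2048, 160)]:
        print(audit_ssh_dss_blob(make_sample_blob(L, N)))
```
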