similar to: FYI: NIST issues recommendations for secure VOIP

Hello, I saw from OpenSSH man pages that the DSA key length must be 1024 bytes (according to the standard FIPS 186-2). According to the FIPS186-3 and NIST SP800-57, DSA key length could be greater than 1024 bytes (2048, 3072). Will OpenSSH be compliant with this new standard? If yes, could you share with me the delivery plan of OpenSSh version implementing FIPS186-3/NIST SP800-57

On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote: > > Hi Folks, > > > > The generator value of 5 does not lead to a q-ordered subgroup which > > is needed to pass tests in > > > > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf > > I

That doesn't seem to be the case. See https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf (5.6.1 Comparable Algorithm Strengths) On Fri, Feb 15, 2019 at 8:28 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:00, Yegor Ievlev <koops1997 at gmail.com> wrote: > > I don't think there is any point to generate so

Hi, Why is there still a limit on the length of a DSA key generated by ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or fails. Here is the code excerpt that enforces the limitation: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); Commenting these two lines allows the generation of, say, 2048 bit DSA keys that work just fine

On 09/22/2017 06:55 PM, Tim Broberg wrote: > Do I understand correctly, that you find the security of group 14 unacceptable and yet you left it enabled? In the end, I'm trying to ensure a minimum equivalent of 128-bits of security. Group14 is 2048-bits, which roughly translates to 112-bits. [1] To this end, I disabled the "diffie-hellman-group14-sha1" and

<bugzilla-daemon at mindrot.org> writes: > https://bugzilla.mindrot.org/show_bug.cgi?id=1647 > > mackyle at gmail.com changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |mackyle at gmail.com > > --- Comment #2 from

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

Looking at ssh-keygen.c from openssh-6.2p2.tar.gz lines 186-187: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); It appears to me that ssh-keygen will only generate 1024 bit DSA keys. Is that still current? FIPS 186-3 (2009-06) section 4.2 and FIPS 186-4 [1] (2013-07) section 4.2 state: 4.2 Selection of Parameter Sizes

Dear all, Ed25519 public keys being as small as they are is very convenient. There is an opportunity to nudge the world towards modern algorithms. I believe choices made in OpenSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked without any arguments. OpenSSH has supported Ed25519 since version 6.5 (January

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 mackyle at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mackyle at gmail.com --- Comment #2 from mackyle at gmail.com --- RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 mackyle at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mackyle at gmail.com --- Comment #2 from mackyle at gmail.com --- RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data

Postdoctoral Position Announcement National Institute of Standards and Technology Gaithersburg, Maryland The National Institute of Standards and Technology (NIST) is seeking to fill a post-doctoral / guest researcher position to work on greenhouse gas emissions and dispersion modeling, including atmospheric flux inversions. As part of its Greenhouse Gas (GHG) and Climate Science Measurements

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

Hi, OpenSSH plans to remove support for DSA keys in the near future. This message describes our rationale, process and proposed timeline. Rationale --------- DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is <=80 bits symmetric equivalent[1][2]. OpenSSH has disabled DSA keys by

Hi, OpenSSH plans to remove support for DSA keys in the near future. This message describes our rationale, process and proposed timeline. Rationale --------- DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is <=80 bits symmetric equivalent[1][2]. OpenSSH has disabled DSA keys by

Hi, I want to study the multi-path TCP behavior (single TCP connection over multi-paths), and I am setting up the test bed. I have two machines, each with two network cards. I have directly connected two eth0, and I am trying to figure out how connect two eth1 to control the properties of this connection, so that I can study the TCP on multiple different paths (different in terms of latency,

I referred to the fact that there is no value for 4096-bit groups at all. For higher strengths than 128 bits one should probably not use non-EC crypto at all, as the document suggests. On Fri, Feb 15, 2019 at 9:19 AM Darren Tucker <dtucker at dtucker.net> wrote: > > On Fri, 15 Feb 2019 at 16:45, Yegor Ievlev <koops1997 at gmail.com> wrote: > > That doesn't seem to be

NIST maintains a repository of Statistical Reference Datasets at http://www.itl.nist.gov/div898/strd/. I have been working through the datasets to compare R's results to their references with the hope that if all works well, this could become a validation package. All the linear regression datasets give results with some degree of accuracy except one. The NIST model includes 11 parameters,

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

Greetings, Given the weakness with Diffie-Hellman modp groups less than 2048, is it time to bump the suggested 1024 bit minimum value from the RFC 4419 to a more current 2048 value for OpenSSH 7.0? If so, should this be just a compile-time change, or should there be a new client and server runtime option? Thanks, -- Mark