On Thu, Oct 03, 2013 at 01:53:37PM +0300, Silviu Vlasceanu wrote:
> Hi,
>
> Why is there still a limit on the length of a DSA key generated by
> ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or
> fails. Here is the code excerpt that enforces the limitation:
>
>     if (type == KEY_DSA && *bitsp != 1024)
>         fatal("DSA keys must be 1024 bits");
>
> Commenting these two lines allows the generation of, say, 2048 bit DSA keys
> that work just fine with sshd.
>
> The only reason that I could previously find is that 1024 is imposed by
> FIPS 186-2, but the current FIPS 186-3 allows for larger DSA keys.

FIPS 186-3 also specifies which hash algorithms are permitted for those
larger DSA key lengths (section 4.2). You might want to compare those
with the hash (note: singular) specified by RFC 4253.

> In light of the NIST SP800-131A guide that recommends 2048 as a minimum for
> DSA key length, can anyone please explain to me why the limitation still
> exists in current openssh (6.3p1)? Is there a legal constraint?

It's a specification constraint. The intersection of what's permitted by
FIPS 186-3 and RFC 4253 is DSA keys of exactly 1024 bits (which is
coincidentally what ssh-keygen currently does).

For further information see https://bugzilla.mindrot.org/show_bug.cgi?id=1647

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
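
Added example, not part of the original message and not OpenSSH code: a small auditor that parses an `ssh-dss` public key line in the RFC 4253 wire format, reports the bit lengths of p and q as (L, N), and checks them against the intersection described in the reply. The function names are hypothetical, and the sample keys are constructed numbers of the right size, not usable DSA keys.

```python
import base64
import struct

# FIPS 186-3 section 4.2 (L, N) pairs. RFC 4253 ssh-dss signs with SHA-1 and
# encodes r and s as 160-bit integers, which pins N to 160.
FIPS_186_3_PAIRS = {(1024, 160), (2048, 224), (2048, 256), (3072, 256)}
SSH_DSS_N = 160

def read_string(buf, off):
    """Read one RFC 4253 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def dsa_params(pubkey_line):
    """Return (L, N), the bit lengths of p and q, from an 'ssh-dss AAAA...' line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match")
    nums = []
    for _ in range(4):  # mpints in order: p, q, g, y
        raw, off = read_string(blob, off)
        nums.append(int.from_bytes(raw, "big", signed=True))
    p, q = nums[0], nums[1]
    if off != len(blob) or p <= 0 or q <= 0:
        raise ValueError("malformed ssh-dss blob")
    return p.bit_length(), q.bit_length()

def within_both_specs(L, N):
    """True only for parameters allowed by FIPS 186-3 and usable with ssh-dss."""
    return (L, N) in FIPS_186_3_PAIRS and N == SSH_DSS_N

def constructed_line(L, N):
    """Constructed sample input: right-sized numbers, not a real DSA key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # keeps the sign bit clear
        return struct.pack(">I", len(raw)) + raw
    p, q = (1 << (L - 1)) | 1, (1 << (N - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-dss" + mpint(p) + mpint(q) + mpint(2) + mpint(3)
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"
```
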