Is there a reason ssh-keygen restricts DSA keys to exactly 1024 bits, given that NIST is recommending a minimum of 2048? http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
On Fri, Sep 26, 2014 at 5:12 PM, Scott Neugroschl <scott_n at xypro.com> wrote:> Is there a reason ssh-keygen restricts DSA keys to exactly 1024 bits, > given that NIST is recommending a minimum of 2048? >NIST also requires that DSA keys longer than 1024 bits use a hash stronger than SHA1 while the SSH RFC require the use of SHA1. https://bugzilla.mindrot.org/show_bug.cgi?id=1647 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Fri, Sep 26, 2014 at 21:12:54 +0000, Scott Neugroschl wrote:> Is there a reason ssh-keygen restricts DSA keys to exactly 1024 bits, given that NIST is recommending a minimum of 2048? > > http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf >Yes, a conflict between the RFC and NIST. Use ecdsa instead. -- Iain Morgan