Displaying 12 results from an estimated 12 matches for "131a".
Did you mean:
131
2013 May 23
1
Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?
I completely support this request. ?My organization is interested in supporting these public key algorithms to comply with NIST SP 800-131A too.
Jeff, it is my understanding that through RFC4419, OpenSSH can be support the Key Agreement Using Diffie-Hellman and MQV guidelines in SP 800-131A using the "diffie-hellman-group-exchange-sha256" method. ?Is that correct?
Thanks.
2015 Jul 24
2
DH_GRP_MIN is currently 1024, should it be bumped to 2048?
Greetings,
Given the weakness with Diffie-Hellman modp groups less than 2048, is it
time to bump the suggested 1024 bit minimum value from the RFC 4419 to a
more current 2048 value for OpenSSH 7.0?
If so, should this be just a compile-time change, or should there be a
new client and server runtime option?
Thanks,
-- Mark
2013 May 28
9
[Bug 2109] New: Add support for ssh-rsa-sha256 and ssh-dsa-sha256 public key algorithms
...Hardware: All
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: Geoff_Lowe at McAfee.com
Based on guidelines in NIST Special Publication 800-131A, "Transitions:
Recommendation for Transitioning the Use of Cryptographic Algorithms
and Key Lengths" dated January 2011, the US Governement is pushing for
stronger crypto in a number of different areas (encryption, digital
signatures, random number generation, key agreement using
diffie-h...
2013 Oct 03
1
ssh-keygen DSA keys longer than 1024 bit
...st be 1024 bits");
Commenting these two lines allows the generation of, say, 2048 bit DSA keys
that work just fine with sshd.
The only reason that I could previously find is that 1024 is imposed by
FIPS 186-2, but the current FIPS 186-3 allows for larger DSA keys.
In light of the NIST SP800-131A guide that recommends 2048 as a minimum for
DSA key length, can anyone please explain me why the limitation still
exists in current openssh (6.3p1)? Is there a legal constraint?
Thank you,
--
Silviu
2013 Sep 10
0
[Bug 1647] Implement FIPS 186-3 for DSA keys
...6-3:
>
> L = 1024, N = 160
> L = 2048, N = 224
> L = 2048, N = 256
> L = 3072, N = 256
>
> And it would seem that the L=2048,N=256 L=3072,N=256 selections are now
> possible while remaining standards compliant.
SHA-1 is not allowed in digital signatures per NIST SP 800-131A after
December 31, 2013.
The problem is in the way that ssh-dss is specified in RFC 4253 to use a
SHA-1 hash in the dss_signature_blob. The same problems exist for
x509v3-ssh-dss which also specifies the use of SHA-1.
In order to use a DSA-2048 or DSA-3072 with SHA-256 or SHA-512, one
would like...
2013 May 15
2
Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?
Functionality request for supporting Digital Signatures for RSA and DSS
Public Key Algorithms in alignment with NIST SP800-131A.
I
assume this has been asked before, but I could not find in the
archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key
algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH
Extension Algorithms are supported, but not a path some folks (us) want
to t...
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2013 Sep 10
4
[Bug 1647] Implement FIPS 186-3 for DSA keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
2013 May 15
0
Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?
Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A.
I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a path some folks (us) want t...
2013 Jun 03
7
[Bug 2115] New: Support for DSA p=2048 q=256/224 bit keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2115
Bug ID: 2115
Summary: Support for DSA p=2048 q=256/224 bit keys
Product: Portable OpenSSH
Version: 6.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at
2013 Jun 03
7
[Bug 2115] New: Support for DSA p=2048 q=256/224 bit keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2115
Bug ID: 2115
Summary: Support for DSA p=2048 q=256/224 bit keys
Product: Portable OpenSSH
Version: 6.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at
2019 Apr 11
4
Understanding Problem with rsa min key length 1024
Hello,
Sometime ago min rsa key length was increased to 1024 bit and i have a
little understanding problem with this.
I hope somebody with some crypto-experience can enlighten me. To make
that clear, that is not about allowing lower keys in general.
Personally i would tend to use even longer keys(2048bit+).
However Due nature of RSA-algorithm in case of 1024bit this might result
in a key