similar to: Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

I completely support this request. ?My organization is interested in supporting these public key algorithms to comply with NIST SP 800-131A too. Jeff, it is my understanding that through RFC4419, OpenSSH can be support the Key Agreement Using Diffie-Hellman and MQV guidelines in SP 800-131A using the "diffie-hellman-group-exchange-sha256" method. ?Is that correct? Thanks.

https://bugzilla.mindrot.org/show_bug.cgi?id=2109 Bug ID: 2109 Summary: Add support for ssh-rsa-sha256 and ssh-dsa-sha256 public key algorithms Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: FreeBSD Status: NEW Severity: enhancement Priority: P5

<bugzilla-daemon at mindrot.org> writes: > https://bugzilla.mindrot.org/show_bug.cgi?id=1647 > > mackyle at gmail.com changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |mackyle at gmail.com > > --- Comment #2 from

Hi, Why is there still a limit on the length of a DSA key generated by ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or fails. Here is the code excerpt that enforces the limitation: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); Commenting these two lines allows the generation of, say, 2048 bit DSA keys that work just fine

Hello, I saw from OpenSSH man pages that the DSA key length must be 1024 bytes (according to the standard FIPS 186-2). According to the FIPS186-3 and NIST SP800-57, DSA key length could be greater than 1024 bytes (2048, 3072). Will OpenSSH be compliant with this new standard? If yes, could you share with me the delivery plan of OpenSSh version implementing FIPS186-3/NIST SP800-57

Following is sharelessly copied from one of the newsgroups I read on grc.com.. /Soren NIST issues recommendations for secure VOIP http://www.gcn.com/vol1_no1/daily-updates/34747-1.html http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf *********************************************************** Quote *********************************************************** The National

Here is a quick patch against openssh-2.5.1p1 to add a new config option (pkalg) for the ssh client allowing the selection of which public keys are obtained/verified. --cut-here- diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c *** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001 --- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001 *************** *** 534,539 **** --- 534,567 ----

https://bugzilla.mindrot.org/show_bug.cgi?id=2115 Bug ID: 2115 Summary: Support for DSA p=2048 q=256/224 bit keys Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2115 Bug ID: 2115 Summary: Support for DSA p=2048 q=256/224 bit keys Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote: > > Hi Folks, > > > > The generator value of 5 does not lead to a q-ordered subgroup which > > is needed to pass tests in > > > > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf > > I

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, been trying the x509 patch for ssh from Roumen, it works great. However, I can't figure out couple of things, and been trying to solve it for couple of days already. I'am using OpenSSH_4.7p1-hpn12v19, OpenSSL 0.9.8g with 6.1 version of your patch. The serverside hostkey is configured correctly, to present x509v3-sign-rsa dynowork

[Image: http://pixhost.info/avaxhome/7c/a3/0017a37c_medium.jpeg ] DSS CATIA V5R19 SP9 Win32 Update Only | 1.13 GB CATIA V5 is the leading product development solution for all manufacturing organizations, from OEMs through their supply chains to small independent producers. The range of its capabilities allows CATIA V5 to be applied in a wide variety of industries, such as aerospace, automotive,

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

I am interested in configuring Dovecot's TLS so as to retain forward secrecy, but eliminate all of NIST's elliptic curves. Besides being subject to side channel attacks [1], in some quarters there is a general distrust of NIST's curves and any of their other cryptographic primitives after the Dual EC DRBG debacle. >From what I can tell, the following will prevent the use of

When is the x.509 patch going to become part of the main distribution of OpenSSH, and if not, why? Looks like other projects i.e. OpenSC might be using it now as well. Secondly, thought I'd try it again, new patch (Validator), same error... TIA, cs ######################## # ssh-x509 Unknown Public Key Type ######################## 1 Installed OpenSSL-0.9.7d (no customization) 2

I have a client project to implement PCI/DSS compliance. The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a "patch" server, The Host OS on all of the above nodes will be CentOS 6.2. Below is a list of things that would be

https://bugzilla.mindrot.org/show_bug.cgi?id=1749 Summary: ssh-keygen cant "import" a generic x509 rsa public key Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at

Hi Everyone, I may be a bit late to the game announcing this here, but I''ve found out some good news for PCI DSS compliance and virtualisation. We are now allowed to use virtualisation in a PCI DSS environment, as long as we don''t give each VM (DomU) more than one primary function. A good extreme example: We could have a single physical box with 2 NICs which could be the