
Bug#181162: ssh-keygen: Default key length needs increasing.



On Sat, Feb 15, 2003 at 07:34:46PM -0800, Alexander Hvostov wrote:
> Package: ssh
> Version: 1:3.5p1-4
> Severity: normal
> Tags: security
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Due to recent advances in the development of technology for cracking RSA, I
> feel that the default key length for 'ssh-keygen' should be increased for RSA
> keys, to at least 2048 bits.

I haven't really formed an opinion on this yet, and of course it will
have to go upstream; although I note that both PuTTY and the key
generation tools at the cryptography company where I work still use the
same default, so I don't think it's disastrously small just yet.

> Though I have not heard of similar advances in cracking DSA,
> increasing the default key length for those keys would probably also
> be prudent.

The Digital Signature Standard specifies a maximum of 1024 bits for DSA
keys: see http://www.itl.nist.gov/fipspubs/fip186.htm and
DSA_generate_parameters(3).

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
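
Added example, not part of the original message and not code from OpenSSH or Debian: a Python check that decodes `type base64 [comment]` public-key lines from their SSH wire format and reports RSA keys whose modulus is shorter than the 2048 bits proposed in the bug report. The function names and the sample input are constructed for illustration (the sample moduli have the stated length but are not real RSA moduli); lines with an options prefix are not handled, and DSA keys are measured but never flagged.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum proposed in the bug report quoted above

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack_from(">I", blob, pos)  # struct.error if truncated
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def key_bits(line):
    """Return (type, bits) for a 'type base64 [comment]' public-key line."""
    ktype, b64 = line.split()[:2]
    fields = _fields(base64.b64decode(b64, validate=True))
    if fields[0].decode("ascii") != ktype:
        raise ValueError("key type does not match blob")
    # ssh-rsa blob: type, e, n.  ssh-dss blob: type, p, q, g, y.
    index = {"ssh-rsa": 2, "ssh-dss": 1}.get(ktype)
    if index is None:
        raise ValueError("unsupported key type: " + ktype)
    return ktype, int.from_bytes(fields[index], "big").bit_length()

def short_rsa_keys(lines, min_bits=MIN_RSA_BITS):
    """Return [(line number, bits)] for RSA keys below min_bits."""
    found = []
    for num, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        ktype, bits = key_bits(line)
        if ktype == "ssh-rsa" and bits < min_bits:
            found.append((num, bits))
    return found

def _sample_rsa_line(bits, comment):
    """Constructed input: valid wire format, but not a real RSA modulus."""
    field = lambda b: struct.pack(">I", len(b)) + b
    mpint = lambda v: field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [_sample_rsa_line(1024, "old@example"), "# constructed sample",
          _sample_rsa_line(2048, "new@example")]
```
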



