
Bug#181162: ssh-keygen: Default key length needs increasing.



On Sun, Mar 07, 2004 at 01:15:26PM +0000, Martin Michlmayr wrote:
> * Colin Watson <cjwatson@debian.org> [2004-03-07 12:20]:
> > > Though I have not heard of similar advances in cracking DSA,
> > > increasing the default key length for those keys would probably also
> > > be prudent.
> > 
> > The Digital Signature Standard specifies a maximum of 1024 bits for DSA
> > keys: see http://www.itl.nist.gov/fipspubs/fip186.htm and
> 
> Hmmm, I'm pretty sure ssh-keygen let me generate a DSA key with more
> than 1024 bits.

The fact that it's not DSS-compliant doesn't make it impossible. :)
There's some precedent for it, too.

I seem to recall hearing that the length of p wasn't really the weakest
point in DSA anyway once you got past 1024 bits, but I'd have to check
that.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



