SSH2 DSA key length

Ed ed-mlg at bsdcon.it
Fri 3 Feb 2006 13:01:17 CET


On Friday 03 February 2006 09:29, Massimo Lusetti wrote:
> Just for the records...

Quoting from: http://www.securityfocus.com/print/columnists/375

Why did you increase the default size of new RSA/DSA keys generated by 
ssh-keygen from 1024 to 2048 bits? 

Damien Miller: Firstly, increasing the default size of DSA keys was a mistake
(my mistake, corrected in the next release) because unmodified DSA is limited
by a 160-bit subgroup and SHA-1 hash, obviating most of the benefit of
using a larger overall key length, and because we don't accept modified DSA
variants with this restriction removed. There are some new DSA standards on
the way that use larger subgroups and longer hashes, which we could use once
they are standardized and included in OpenSSL.

We increased the default RSA keysize because of recommendations by the NESSIE 
project and others to use RSA keys of at least 1536 bits in length. Because 
host and user keys generated now will likely be in use for several years we 
picked a longer and more conservative key length. Also, 2048 is a nice round 
(binary) number.



> This is an excerpt from the OpenSSH 4.3 release announcement:
>
> Some of the other bugs resolved and internal improvements are:
>
>  * Reduce default key length for new DSA keys generated by ssh-keygen
>    back to 1024 bits. DSA is not specified for longer lengths and does
>    not fully benefit from simply making keys longer. As per FIPS 186-2
>    Change Notice 1, ssh-keygen will refuse to generate a new DSA key
>    smaller or larger than 1024 bits
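
Added example, not part of the original message or of OpenSSH: a small parser for the `ssh-dss` public key blob that reports the bit lengths of the modulus p and the subgroup order q, to show why a longer p alone does not raise the bound set by a 160-bit subgroup. The function names and the sample keys are assumptions made for illustration; the samples are constructed numbers of the right size, not valid DSA parameters.

```python
import base64
import struct

def _string(b):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _mpint(n):
    """SSH mpint for a positive integer (a leading 0x00 keeps the sign bit clear)."""
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read_fields(blob):
    """Split an SSH wire blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def dsa_strength(pubkey_line):
    """Return (p_bits, q_bits, generic_attack_bits) for an 'ssh-dss AAAA...' line."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-dss":
        raise ValueError("not an ssh-dss key line")
    fields = read_fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 5 or fields[0] != b"ssh-dss":  # type, p, q, g, y
        raise ValueError("malformed ssh-dss blob")
    p, q = (int.from_bytes(f, "big") for f in fields[1:3])
    # Generic discrete-log attacks in the subgroup cost about 2^(q_bits/2);
    # a 160-bit hash gives the same 80-bit collision bound.
    return p.bit_length(), q.bit_length(), q.bit_length() // 2

def make_line(p_bits, q_bits=160):
    """Constructed sample line: right-sized numbers, NOT valid DSA parameters."""
    p, q = (1 << (p_bits - 1)) | 1, (1 << (q_bits - 1)) | 1
    blob = _string(b"ssh-dss") + _mpint(p) + _mpint(q) + _mpint(2) + _mpint(3)
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, dsa_strength(make_line(bits)))
```

To check a real key, pass the single line from its `.pub` file to `dsa_strength`.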

