[Bug 1647] Implement FIPS 186-3 for DSA keys
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun Sep 6 14:30:48 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-09-06 14:30:47 EST ---
It's not as simple as just increasing the allowable key size.
look in FIPS-186-3 section 4.2 where it mandates the hash lengths for
the various DSA key sizes:
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
Now look at RFC4253 section 6.6 where it defines the ssh-dss
authentication type as:
"Digital Signature Standard [FIPS-186-2] using the SHA-1 hash"
SHA-1 is 160 bits and is mandated by RFC 4253, thus the only way to be
compliant with both it and FIPS-186-{2,3} is to allow only 1024 bit
keys (which is what ssh-keygen does right now).
There was some discussion about this on the ietf working group about
defining a new authentication method
(http://thread.gmane.org/gmane.ietf.secsh/6186/focus=6193) but AFAIK it
never went anywhere.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list