[Bug 1647] Implement FIPS 186-3 for DSA keys

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Sep 6 14:30:48 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1647


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au


--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-09-06 14:30:47 EST ---
It's not as simple as just increasing the allowable key size.

look in FIPS-186-3 section 4.2 where it mandates the hash lengths for
the various DSA key sizes:

L = 1024, N = 160 
L = 2048, N = 224 
L = 2048, N = 256 
L = 3072, N = 256 

Now look at RFC4253 section 6.6 where it defines the ssh-dss
authentication type as:

"Digital Signature Standard [FIPS-186-2] using the SHA-1 hash"

SHA-1 is 160 bits and is mandated by RFC 4253, thus the only way to be
compliant with both it and FIPS-186-{2,3} is to allow only 1024 bit
keys (which is what ssh-keygen does right now).

There was some discussion about this on the ietf working group about
defining a new authentication method
(http://thread.gmane.org/gmane.ietf.secsh/6186/focus=6193) but AFAIK it
never went anywhere.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list