[Bug 1647] Implement FIPS 186-3 for DSA keys
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Oct 4 01:11:48 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to mackyle from comment #2)
> RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
> integrity algorithm as a new recommended algorithm.
>
> FIPS 186-4 [2] (2013-07) section 4.2 includes the same DSA
> parameters as FIPS 186-3:
>
> L = 1024, N = 160
> L = 2048, N = 224
> L = 2048, N = 256
> L = 3072, N = 256
>
> And it would seem that the L=2048,N=256 L=3072,N=256 selections are
> now possible while remaining standards compliant.
RFC 6668 adds a new HMAC (ie integrity) algorithm (RFC 4253 section
6.4) not a public key (ie authentication) algorithm (RFC 4253 section
6.6).
OpenSSH does in fact implement RFC 6668 (run ssh -vvv and look at the
MACS offered) but it doesn't change the situation with DSA
authentication.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list