[Bug 1647] Implement FIPS 186-3 for DSA keys
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Sep 10 18:28:41 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=1647
mackyle at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mackyle at gmail.com
--- Comment #2 from mackyle at gmail.com ---
RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data
integrity algorithm as a new recommended algorithm.
FIPS 186-4 [2] (2013-07) section 4.2 includes the same DSA parameters
as FIPS 186-3:
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
And it would seem that the L=2048,N=256 L=3072,N=256 selections are now
possible while remaining standards compliant.
It appears that OpenSSH has added support for SHA-256 and SHA-512 in
version 5.9p1 (2011-09).
[1] http://tools.ietf.org/html/rfc6668
[2] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list