[Bug 1647] Implement FIPS 186-3 for DSA keys

Damien Miller djm at mindrot.org
Wed Sep 11 13:18:27 EST 2013


On Tue, 10 Sep 2013, Mark D. Baushke wrote:

> Other alternatives would mean writing another RFC to deal with a new
> public key algorithm name or set of names to handle the key sizes and
> hash algorithms you want to allow.

Or just abandoning DSA for ECDSA. It has the advantages of already being
implemented, being faster and offering a better security level (assuming
NIST/NSA haven't some exquisite backdoor in the curves).

-d

