ssh-keygen DSA keys longer than 1024 bit

Silviu Vlasceanu silviuvlasceanu at yahoo.com
Thu Oct 3 20:53:37 EST 2013


Hi,

Why is there still a limit on the length of a DSA key generated by
ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or
fails. Here is the code excerpt that enforces the limitation:

if (type == KEY_DSA && *bitsp != 1024)
    fatal("DSA keys must be 1024 bits");

Commenting these two lines allows the generation of, say, 2048 bit DSA keys
that work just fine with sshd.

The only reason that I could previously find is that 1024 is imposed by
FIPS 186-2, but the current FIPS 186-3 allows for larger DSA keys.

In light of the NIST SP800-131A guide that recommends 2048 as a minimum for
DSA key length, can anyone please explain to me why the limitation still
exists in current openssh (6.3p1)? Is there a legal constraint?

Thank you,

--
Silviu
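An added example (not from the post or from OpenSSH itself) that shows the defender-side counterpart of the question: parsing an OpenSSH `ssh-dss` public-key line (RFC 4251 string/mpint wire format) and reporting whether the DSA modulus p is the 1024-bit size ssh-keygen 6.3 enforces or meets the 2048-bit minimum from SP 800-131A. The sample key is constructed from made-up, non-prime parameters; it only exercises the parser and the size check, not real DSA.

```python
import base64
import struct

def _mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251, section 5)."""
    if n == 0:
        return struct.pack(">I", 0)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:          # keep the two's-complement value positive
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw

def _string(s: bytes) -> bytes:
    return struct.pack(">I", len(s)) + s

def build_dss_pubkey(p_bits: int, q_bits: int = 160) -> str:
    """Constructed 'ssh-dss' line: p and q are NOT real DSA primes, just
    odd numbers with the top bit set so their bit lengths are exact."""
    p = (1 << (p_bits - 1)) | 1
    q = (1 << (q_bits - 1)) | 1
    blob = _string(b"ssh-dss") + _mpint(p) + _mpint(q) + _mpint(2) + _mpint(3)
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"

def parse_ssh_pubkey(line: str):
    """Return (key_type, [integers...]) from an OpenSSH public-key line."""
    blob = base64.b64decode(line.split()[1])
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        fields.append(blob[off:off + length])
        off += length
    # signed=True so a leading 0x00 pad byte does not change the value
    return fields[0].decode(), [int.from_bytes(f, "big", signed=True) for f in fields[1:]]

def dsa_key_strength(line: str) -> dict:
    """Size of p and q, and how p compares with FIPS 186-2 / SP 800-131A."""
    key_type, nums = parse_ssh_pubkey(line)
    if key_type != "ssh-dss":
        return {"type": key_type, "dsa": False}
    p_bits, q_bits = nums[0].bit_length(), nums[1].bit_length()
    return {
        "type": key_type,
        "dsa": True,
        "p_bits": p_bits,
        "q_bits": q_bits,
        "fips186_2_size": p_bits == 1024,     # the only size ssh-keygen 6.3 accepts
        "meets_sp800_131a": p_bits >= 2048,   # 2048-bit minimum recommendation
    }
```

Run `dsa_key_strength` over each line of an authorized_keys file to find DSA keys below the 2048-bit recommendation.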

