Does ssh-keygen really allow 521 bit ECDSA key generation?

James Cloos cloos at
Thu Feb 26 00:49:56 AEDT 2015

>>>>> "EB" == Eugene Bright <hexumg at> writes:

EB> I found strange sentence in ssh-keygen man page. There is may be a misprint.

No, that is correct.

They couldn't find a good prime slightly under 512 bits, so chose the
Mersenne prime 2^521 - 1.

James Cloos <cloos at>         OpenPGP: 0x997A9F17ED7DAEA6

More information about the openssh-unix-dev mailing list